Language Selection

English French German Italian Portuguese Spanish

FreeBSD bug gives untrusted root access

Filed under
Security
BSD

A security bug in the latest version of the FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday.

The flaw is present in FreeBSD 8.0 and is known to affect versions 7.1 and 7.2 of the open-source OS, Nikolaos Rangos told The Register. He said it was "unbelievably simple" to exploit. Shortly after he disclosed the flaw on the Full Disclosure mailing list, other researchers said they were able to confirm the bug.

The bug resides in FreeBSD's run-time link editor. A binary run by an unprivileged user can be executed with administrative privileges in a restricted environment, Rangos said. That allows the user to obtain root access to the system. All that's required to run the exploit code, which Rangos included in his post, is a command shell.

More here and Here




More in Tux Machines

Fedora and Red Hat Leftovers

today's howtos

Kubuntu 18.04 Bionic Beaver upgrades - Results!

A month later, two upgrades later, Kubuntu 18.04 Bionic Beaver is a nicer distribution than what I tested shortly after its official release. But then, it's not perfect. The older box with the Nvidia card returned better results overall, although there were some niggles. On the multi-boot laptop, I wasn't too happy with the slow-boot issue, although this is NOT a Kubuntu-specific problem, as you will learn in a few days. But it still does not give me the razor-sharp confidence I need and expect from an LTS. In general, Ubuntu-family upgrades are reasonably robust, but they can still be more streamlined, including package removal, third-party repos and odd glitches here and there. I wonder how I'd have felt if I tested Beaver fresh, right now. Alas, I cannot delete the memory of my first encounter. With Trusty, it was just right. Here, it might be right, and I may even end up using - and loving - Plasma Bionic in my prod setup, but it will never be the amazing chemistry I had with 14.04. But if you're wondering, by all means, worth testing and upgrading, and the post-release Kubuntu Beaver is a pretty slick and tight distro. If I had to judge in isolation, i.e. no early-May scars, then when I combine performance, looks, fonts, media, hardware support, and such, 'tis really neat. Something like 9/10. Now, just waiting for the Men In Black mind-zapping eraser thingie, so I can be blissfully happy. And we're done. Read more

Unixstickers

Unixstickers

Awesome products, will definitely get another bunch of some more stickers soon :-)