<@`acdc> that null pointer deref for BSD is for <= 6.1
+++
The vuln/exploit referred to here (proto_ops and kqueue.txt) has been in the wild for about two weeks now.
Below is from the Full Disclosure post in August 2009:
FreeBSD <= 6.1 suffers from a classical check/use race condition in the kevent() syscall, leading to a kernel mode NULL pointer dereference. It can be triggered by spawning two threads: the 1st thread looping on open() and close() syscalls, and the 2nd thread looping on kevent(), trying to add a possibly invalid file descriptor. The bug was fixed in 6.1-STABLE, just before the release of 6.2-RELEASE, but was not recognized as a security vulnerability.
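To make the two-thread trigger above concrete, here is an added user-space model of the bug class (it is not FreeBSD's kqueue code and not the kqueue.txt PoC): a per-process file table is an array of pointers, model_open()/model_close() stand in for the first thread's open()/close() loop, and the second thread's kevent() EV_ADD path is shown twice, once in the racy check-then-use shape the advisory describes and once holding a reference across the use. The names model_open, model_close, fget, fdrop, kevent_add_racy and kevent_add_safe, and the 7-character "devnull" sample name, are this example's own choices; whether FreeBSD's actual fix took this exact form is not stated on the page.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NSLOTS 8

struct file {
    int refcount;          /* the table slot holds one ref; lookups take more */
    char name[16];
};

static struct file *fd_table[NSLOTS];        /* NULL means the slot is closed */
static pthread_mutex_t fd_lock = PTHREAD_MUTEX_INITIALIZER;
static int files_freed;                      /* bookkeeping so tests can see frees */

/* Model of open(): install a new file object in the lowest free slot. */
int model_open(const char *name)
{
    struct file *fp = calloc(1, sizeof *fp);
    if (fp == NULL) return -1;
    fp->refcount = 1;
    snprintf(fp->name, sizeof fp->name, "%s", name);
    pthread_mutex_lock(&fd_lock);
    for (int fd = 0; fd < NSLOTS; fd++) {
        if (fd_table[fd] == NULL) {
            fd_table[fd] = fp;
            pthread_mutex_unlock(&fd_lock);
            return fd;
        }
    }
    pthread_mutex_unlock(&fd_lock);
    free(fp);
    return -1;
}

/* Drop one reference; the object is freed when the last one goes. */
static void fdrop(struct file *fp)
{
    pthread_mutex_lock(&fd_lock);
    int last = (--fp->refcount == 0);
    if (last) files_freed++;
    pthread_mutex_unlock(&fd_lock);
    if (last) free(fp);
}

/* Model of close(): clear the slot and drop the table's reference. */
int model_close(int fd)
{
    if (fd < 0 || fd >= NSLOTS) return -1;
    pthread_mutex_lock(&fd_lock);
    struct file *fp = fd_table[fd];
    fd_table[fd] = NULL;
    pthread_mutex_unlock(&fd_lock);
    if (fp == NULL) return -1;
    fdrop(fp);
    return 0;
}

/* Look the fd up and take a reference under the lock; NULL if not open. */
static struct file *fget(int fd)
{
    if (fd < 0 || fd >= NSLOTS) return NULL;
    pthread_mutex_lock(&fd_lock);
    struct file *fp = fd_table[fd];
    if (fp != NULL) fp->refcount++;
    pthread_mutex_unlock(&fd_lock);
    return fp;
}

/* VULNERABLE shape: check the slot under the lock, drop the lock, then read the
 * slot again and dereference it. A close() on the other thread in that window
 * leaves NULL in the slot. Not called by the tests: it is the crash. */
int kevent_add_racy(int fd)
{
    pthread_mutex_lock(&fd_lock);
    int is_open = (fd >= 0 && fd < NSLOTS && fd_table[fd] != NULL);  /* check */
    pthread_mutex_unlock(&fd_lock);
    if (!is_open) return -1;
    /* window: the open()/close() thread can run here */
    return (int)strlen(fd_table[fd]->name);                           /* use */
}

/* FIXED shape: the reference from fget() keeps the object alive across the
 * use, so a concurrent close() only empties the slot. */
int kevent_add_safe(int fd)
{
    struct file *fp = fget(fd);
    if (fp == NULL) return -1;
    int len = (int)strlen(fp->name);
    fdrop(fp);
    return len;
}

/* The PoC's first thread: open and close in a loop, so slot 0 is reused. */
static void *open_close_loop(void *arg)
{
    int iters = *(int *)arg;
    for (int i = 0; i < iters; i++) {
        int fd = model_open("devnull");
        if (fd >= 0) model_close(fd);
    }
    return NULL;
}

/* The PoC's second thread run against the fixed path: counts lookups whose
 * result is neither "closed" (-1) nor the live name length (7). Must be 0. */
int race_safe(int iters)
{
    pthread_t t;
    int bad = 0;
    if (pthread_create(&t, NULL, open_close_loop, &iters) != 0) return -1;
    for (int i = 0; i < iters; i++) {
        int r = kevent_add_safe(0);
        if (r != -1 && r != 7) bad++;
    }
    pthread_join(t, NULL);
    return bad;
}

/* Single-threaded check that a held reference outlives close(); 1 on success. */
int ref_outlives_close(void)
{
    int fd = model_open("held");
    struct file *fp = fget(fd);
    int before = files_freed;
    model_close(fd);                     /* slot cleared, refcount 2 -> 1 */
    int alive = (fp->refcount == 1 && strcmp(fp->name, "held") == 0);
    fdrop(fp);                           /* refcount 1 -> 0, freed now */
    return alive && files_freed == before + 1;
}

int main(void)
{
    printf("held reference outlives close: %d\n", ref_outlives_close());
    printf("bad results racing the fixed path: %d\n", race_safe(200000));
    return 0;
}
```

Swapping kevent_add_safe(0) for kevent_add_racy(0) inside race_safe() reproduces the advisory's trigger in user space: the checked slot goes NULL under the second thread and the dereference faults, which is the same shape as the kernel NULL pointer dereference, just without the panic.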
The reason for this post is to point out that Przemyslaw Frasunek (hot damn, what a crazy name) said on his blog:
"yet another local root vulnerability in FreeBSD 6.4 kernel (will be disclosed in two weeks)"
I have no idea when this was posted, but check it out for yourself:
CRAZY NAMED GUY'S SITE