
Thursday, October 8, 2009

frasunek is bitchmade.

"Hi! My name is Przemyslaw! I hope everyone enjoys my codez. I promise i tried to release them sooner but the FreeBSD security team ignored my frantic emails. I didn't want them to fall in the hands of some hacker before all my dumb admin buddies had a chance to patch"
More than a month after he posted videos of himself using the kqueue()-related pipe bug (FreeBSD 6.4) and the devfs bug (FreeBSD < 7.2), the whitehat releases his exploits to the public.

http://www.frasunek.com/pipe.txt

"FreeBSD 6.4 and below are vulnerable to a race condition between pipeclose() and
knlist_cleardel() resulting in a NULL pointer dereference. The following code
exploits the vulnerability to run code in kernel mode, giving a root shell and
escaping from jail."

http://www.frasunek.com/devfs.txt

"FreeBSD 7.2 and below (including 6.4) are vulnerable to a race condition in VFS
and devfs code, resulting in a NULL pointer dereference. In contrast to the pipe race
condition, this vulnerability is actually much harder to exploit."

____


In other news:

Milw0rm.com seems to be dead; here is a mirror of the archives.
