TUCoPS :: BSD :: bt-21779.htm

FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit

Better a bottle in front of me than a frontal lobotomy.

FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit
FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit



FreeBSD 6.4 and below are vulnerable to race condition between pipeclose() and
knlist_cleardel() resulting in NULL pointer dereference. The following code
exploits vulnerability to run code in kernel mode, giving root shell and
escaping from jail.

http://www.frasunek.com/pipe.txt 

The bug was fixed a week ago and official security advisory was issued:

http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc 

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE * 
* Jabber ID: venglin@czuby.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV * 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH