 |
|
|
|
FreeBSD privilege escalation
updated since 01.12.2009 | | Published: |  | 04.12.2009 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 10429 | | Type: |  | local | | Level: |  | 7/10 | | Description: |  | It's possible to bypass environment variables filtering on suid program execution. |
| Affected: |  | FREEBSD : FreeBSD 7.1 | | | | FREEBSD : FreeBSD 7.2 | | | | FREEBSD : FreeBSD 8.0 | | CVE: |  | CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.) | | | | CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.) |
|
|
|
|
|
|
|
|
