Computer Security


FreeBSD privilege escalation
updated since 01.12.2009
Published: 04.12.2009
Source:
SecurityVulns ID: 10429
Type: local
Threat Level: 7/10
Description: It's possible to bypass environment variable filtering when a suid program is executed.
Affected: FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 7.2
 FREEBSD : FreeBSD 8.0
CVE: CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.)
 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:16.rtld (04.12.2009)
 Kingcope Kingcope, ** FreeBSD local r00t zeroday (01.12.2009)
Files: FreeBSD local r00t zeroday exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod