Thursday, October 8, 2009

FreeBSD 6.4 root shell exploit 0day

FreeBSD 6.4 and below are vulnerable to a race condition between pipeclose() and
knlist_cleardel(), resulting in a NULL pointer dereference. The following code
exploits the vulnerability to run code in kernel mode, giving a root shell and
escaping from jail.


The bug was fixed a week ago and an official security advisory was issued:
