New Vulnerability in FreeBSD

freebsdNew security vulnerability have been discovered in FreeBSD, this bug allow a limited right user to gain a complete control over the system (root privileges).

This Bug concerns FreeBSD version 6.0 to 6.4 while the last two versions that are widely used FreeBSD Version 7.1 and higher are not affected.

According to Przemyslaw Frasunek an independent security consultant the bug is the result of a race condition in the FreeBSD kqueue that leads to a NULL pointer dereference in kernel mode. Attackers can cause vulnerable systems to run malware by putting the code in a memory page mapped to address 0x0.

Here you can find the video demonstrating how to exploit this vulnerability by Frasunek.

make sure you subscribe to my RSS feed!