Reposted from bugtraq.
Upcoming FreeBSD Security Advisory
A script that works on FreeBSD 8.0 and 7.1 and lets a local user take root has been published,
so it appears a patch was released in a hurry.
http://people.freebsd.org/~cperciva/rtld.patch
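However, because it was put together in a hurry, it comes with a "use at your own risk" warning.
Hmm, the message makes you think that the people doing the maintenance have a hard job, too.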
>Normally it is the policy of the FreeBSD Security Team to not publicly
>discuss security issues until an advisory is ready, but in this case
>since exploit code is already widely available I want to make a patch
>available ASAP. Due to the short timeline, it is possible that this
>patch will not be the final version which is provided when an advisory
>is sent out; it is even possible (although highly doubtful) that this
>patch does not fully fix the issue or introduces new issues -- in short,
>use at your own risk (even more than usual).
The published attack code (exploit) is here. (Published on 11/30; this is the code that was posted to bugtraq.)
** FreeBSD local r00t zeroday
http://seclists.org/fulldisclosure/2009/Nov/371