FreeBSD security update - Related links

0

http://www.h-online.com

The FreeBSD developers have released new updates to their operating system to close three vulnerabilities. Users with restricted privileges can reportedly exploit all three holes to elevate their privileges. One of the vulnerabilities is caused by a design flaw recently also discovered and fixed in the kernel. It allows programming flaws to cause a NULL pointer dereference. A function pointer will in this case point to the (virtual) address 0, which is allocated to userland. This enables users to execute code at kernel privilege level.

Full story »
nanotech-spidergoat's picture
Created by nanotech-spidergoat 14 years 28 weeks ago – Made popular 14 years 28 weeks ago
Category: High End   Tags:

Similar stories

Null pointers, one month later 14 years 32 weeks ago
Much ado about NULL: Exploiting a kernel NULL dereference 14 years 5 days ago
Root exploit for Linux kernel published 14 years 39 weeks ago
Bug in latest Linux gives untrusted users root access 14 years 23 weeks ago
Null pointers, one month later 14 years 32 weeks ago

On July 16, Brad Spengler disclosed an easily-exploitable kernel vulnerability based on getting the kernel to dereference a null pointer. This security hole affected a version of the kernel which had not been widely distributed, so it was a problem for relatively few users, but it highlighted a class of problems which was sure to be seen again.

Much ado about NULL: Exploiting a kernel NULL dereference 14 years 5 days ago

We think that it's important for developers and system administrators to be more knowledgeable about the attacks that black hats regularly use to take control of systems, and so, today, we're going to start from where we left off and go all the way to a working exploit for a NULL pointer dereference in a toy kernel module.

Root exploit for Linux kernel published 14 years 39 weeks ago

Brad Spengler, the developer behind the Grsecurity project, has published an exploit for a vulnerability in the Tun interface in Linux kernel 2.6.30 and 2.6.18, used in Red Hat Enterprise Linux 5 (RHEL5), which can be exploited by attackers to obtain root privileges. Of particular interest is the fact that the exploit is even able to circumvent security extensions such as SELinux.

Bug in latest Linux gives untrusted users root access 14 years 23 weeks ago

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system. The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable.

Root privileges through Linux kernel bug 13 years 34 weeks ago

A vulnerability has been reported in the Linux kernel's memory management allows applications to execute code at root privilege level. The flaw appears to have been introduced into the kernel with version 2.6

Fun with NULL pointers, part 2 14 years 37 weeks ago

But this exploit suggests that there could be a whole class of related problems in the kernel; there is a definite chance that similar vulnerabilities could be discovered - if, indeed, they have not already been found.

Linux exploit gets around security barrier 14 years 38 weeks ago

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system. The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list.

Vulnerabilities in sudo closed 14 years 7 weeks ago

Flawed sudo code allows users with limited privileges to obtain root privileges

Linux kernel vulnerabilities closed 14 years 18 weeks ago

Several Linux distributors are releasing updated kernel packages to close security holes in the kernel.

Best karma users

  1. andolasoft's picture
    andolasoft
  2. fred's picture
    fred
  3. nilarimogard's picture
    nilarimogard