Wednesday, December 2, 2009

FreeBSD "local r00t zeroday" exploit patched

The FreeBSD security team has released a patch to correct a critical security flaw confirmed to be present in FreeBSD 8.0-RELEASE, FreeBSD 7.2-RELEASE, and FreeBSD 7.1-RELEASE. NullShells Networks has two DDoS Protected shell servers which run FreeBSD 7.2-STABLE, and these may have been vulnerable to the flaw. Both machines were patched within 24 hours of the exploit code being released.

The exploit code for the flaw was published on the Full Disclosure security mailing list, to which we are subscribed. The code allowed restricted (unprivileged) users on a machine to bypass the normal privilege boundaries of the affected operating systems. The root cause was a bug in rtld, the run-time link editor: the LD_PRELOAD environment variable could be manipulated so that rtld loaded a user-supplied library into a program running with root privileges, something it should never permit. In this case, rtld could be tricked into executing binaries with root privileges.

Fortunately, our 6.3-STABLE machines, which serve our web hosting customers, are not vulnerable to this exploit. All of our customers can be confident that we are doing our best to stay up to date with the latest versions and patches while maintaining the security and integrity of our systems.

If you have a server running FreeBSD 8.0-RELEASE, FreeBSD 7.2-RELEASE, or FreeBSD 7.1-RELEASE then we recommend you patch your systems immediately. A restricted user on your machine could exploit this hole to compromise your entire server. You can find the FreeBSD security team's notice and a link to the temporary patch in their mail archives at http://docs.FreeBSD.org/cgi/mid.cgi?200912010120.nB11KeaW086655.