Add to del.icio.us     Digg this

December 9, 2009

It has just been discovered that a critical security hole in the latest version of FreeBSD can be exploited to grant unprivileged users absolute full control over the operating system, a German researcher said Dec. 7.

The security bug is present in FreeBSD 8.0 and is known to affect versions 7.1 and 7.2 of the open-source OS as well, Nikolaos Rangos, a spokesperson for FreeBSD.

Rangos added that it was "unbelievably simple" to exploit. Shortly after he disclosed the flaw, other researchers said they were able to confirm the critical security flaw by replicating it on their own systems.

The security flaw resides in FreeBSD's so-called run-time link editor. A binary run by an unprivileged Unix user can be executed with administrative privileges in a restricted environment, Rangos said.

This would allow the user to obtain complete root access to the operating system.

All that's required to run the exploit code, which Rangos included in his post, is any standard SSH command shell.

To exploit the flaw, hackers and potential attackers would need local access to the vulnerable computer or server. To use the attack code remotely, it's conceivable it could be used in concert with another vulnerability, such as one residing in an Internet application running on the machine.

FreeBSD security officer Colin Percival said his team was the first to have heard of the reported vulnerability. The team is currently investigating, and will probably come up with a fix sooner rather than later.

"The security hole is in the most recent versions of FreeBSD and normally local root vulnerabilities are quickly patched by the FreeBSD maintainers," Percival said.

Overall, FreeBSD is an advanced operating system for x86 compatible, including Pentium® and Athlon™ CPUs, AMD 64 compatible including Opteron™, Athlon™64, and EM64T, ARM, IA-64, PowerPC, PC-98 and UltraSPARC® architectures.

It is derived from BSD, the version of the Unix® operating system developed at the University of California, Berkeley.

FreeBSD is developed and maintained by a large team of individuals. Additional platforms are in various stages of development.

FreeBSD offers networking, performance, security and compatibility features today which are still missing in other operating systems, even some of the best commercial ones, the company claims.

Add to del.icio.us     Digg this

Source: FreeBSD.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.