Source: securityvulns (SECURITYVULNS:DOC:22581)
Oct 09, 2009 - 12:00 a.m.

FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit

vulners.com

FreeBSD 6.4 and below are vulnerable to a race condition between pipeclose() and
knlist_cleardel(), resulting in a NULL pointer dereference. The following code
exploits the vulnerability to run code in kernel mode, giving a root shell and
escaping from jail.

http://www.frasunek.com/pipe.txt

The bug was fixed a week ago and an official security advisory was issued:

http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc