Slashdot Mirror


FreeBSD Kernel Leak

Pine Digital Security announced a FreeBSD kernel leak, found when auditing a customer. The leak can be exploited to panic the server or elevate privileges. FreeBSD swiftly updated CVS; a security advisory will probably follow. Both the -RELEASE branch and -CURRENT branch are vulnerable.

6 of 81 comments

  1. Re:Does not affect OpenBSD or NetBSD by CoolVibe · Score: 5, Informative

    Troll.

    Where in the story posting does it say that it involves NetBSD and/or OpenBSD? It states clearly that it's a FreeBSD bug. And one that's already fixed in CVS to boot.

  2. Re:Slashdot hype linkdumping at your service by CoolVibe · Score: 4, Insightful

    Read the advisory. The bug was fixed first, and then the advisory was released. Also, this security related issue isn't easy to exploit. Calling that syscall 2^31 times certainly takes a while :)

  3. Re:Does not affect OpenBSD or NetBSD by jasonditz · Score: 5, Funny

    Let me just remind you all that this bug does NOT affect the OS/2 Warp 3.0 kernel.

    I repeat, the OS/2 Warp kernel is not affected!

  4. thanks, and please ignore the jerks by phippy · Score: 4, Insightful

    i appreciate postings like this, but as usual, any good discussion about the problem is zero on slashdot.

    every time there is a mention of linux or xBSD or whatever OS having a problem, people who don't use it come out of the woodwork to say "LOOK! It sucks! It's broken! HaHaHa! We Win!".

    how old are you people? (mentally?)
    no wonder why other tech-based sites have no respect for slashdot discussions.

  5. In case you didn't figure it out from the article by edhall · Score: 5, Informative

    This is a local vulnerability; it doesn't, in and of itself, make servers vulnerable. Even if someone has a local account on a system, it takes hours of CPU time to perform an exploit.

    It looks like the bug (and the fix) were already announced (and committed to CVS) but that the possibility of using the bug in an exploit was not revealed until now (and might not even have been appreciated by the original reporter).

    -Ed

  6. Re:Rackspace by xA40D · Score: 5, Informative

    if I use FreeBSD then I will be hacked.

    Not exactly a representative poll but...

    I use FreeBSD. I work in an office with 7 other people who all use RedHat. Out of the 8 of us, over the past 2 years, I'm the only one never to have been hacked.

    The job I had before this was with an ISP which used FreeBSD for all their core systems. And in their whole history they had only ever had one FreeBSD system hacked, and that turned out to be an ex-employee who had added his public key to somebody else's authorized_keys file.

    --
    Do you mind, your karma has just run over my dogma.