A FreeBSD exploit that grants OS root access to unprivileged users was published yesterday on the Full Disclosure mailing list by Nikolaos Rangos, a German researcher that has been auditing FreeBSD for local root bugs for a long time.
“The bug resides in FreeBSD’s run-time link editor. A binary run by an unprivileged user can be executed with administrative privileges in a restricted environment. That allows the user to obtain root access to the system. All that’s required to run the exploit code is a command shell,” Rangos told The Register.
The bug affects the latest (8.0) and 7.1 and 7.2 version of the OS. The FreeBSD maintainers released an advisory with a temporary patch and announced that a full security advisory concerning this issue will be released on December 2nd – possibly with a further refined patch.