Bug Discovered in FreeBSD, Emergency Patch Released

A critical local root vulnerability has been found in FreeBSD, the open source OS, which could let an attacker execute malicious code on a vulnerable computer. However, the FreeBSD developers have issued a hasty security patch to fix the flaw.

With the flaw becoming public, a computer attacker named Kingcope created associated attack code which, according to security researchers, was exceptionally easy.

The vulnerability affects FreeBSD 8.0 and also existed in versions 7.1 and 7.2. The bug lies in FreeBSD's link editor, and it could enable a hacker to take over a server completely by way of security flaws in web applications.

Reports also state that a user without administrative rights can run a binary with privileges under restricted conditions. Consequently, the user can gain root control of the computer, which is what is needed to execute the attacker's code.

As soon as the flaw became publicly known, Colin Percival, Security Officer at FreeBSD, announced that a patch was available that more or less fixed the flaw, as reported by MXLogic on December 2, 2009. He cautioned, however, that because a patch was needed immediately, it was designed with speed in mind rather than precision. He also stressed that users who downloaded and installed the patch would themselves be liable for any consequences.

Percival further stated that the FreeBSD Security Team usually didn't talk publicly about security problems until an advisory was available, but in this instance, as attack code was widely obtainable, he wanted to develop and release a patch ASAP, as reported by ZDNet on December 1, 2009.

Percival added that because the time available for making and releasing the patch was short, the patch might not be the final version that would come with an advisory.

According to the security researchers, the attack code is the first recently posted one to concern an open source operating system. The other attack code posted recently targeted Google or Microsoft applications.


» SPAMfighter News - 14-12-2009
