module
FreeBSD rtld execl() Privilege Escalation
| Disclosed |
|---|
| Nov 30, 2009 |
Description
This module exploits a vulnerability in the FreeBSD
run-time link-editor (rtld).
The rtld `unsetenv()` function fails to remove `LD_*`
environment variables if `__findenv()` fails.
This can be abused to load arbitrary shared objects using
`LD_PRELOAD`, resulting in privileged code execution.
This module has been tested successfully on:
FreeBSD 7.2-RELEASE (amd64); and
FreeBSD 8.0-RELEASE (amd64).
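
The flaw described above is an unchecked-return problem: removal of `LD_*` variables can fail, and the caller proceeds anyway. The following is an added example, not code from this module or from FreeBSD's rtld, contrasting that pattern with a fail-closed one. All function names are hypothetical, and `unset_lookup_fails` is a constructed fault that only simulates a failed lookup.

```c
#include <stddef.h>
#include <string.h>

/* Removal primitive that may fail, standing in for unsetenv(); returns 0 or -1. */
typedef int (*unset_fn)(char **envp, const char *name);

static const char *const LD_VARS[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", NULL };

/* Working primitive: deletes every "name=value" entry from a NULL-terminated vector. */
int unset_ok(char **envp, const char *name)
{
    size_t n = strlen(name);
    char **dst = envp;
    for (char **src = envp; *src != NULL; src++)
        if (strncmp(*src, name, n) != 0 || (*src)[n] != '=')
            *dst++ = *src;
    *dst = NULL;
    return 0;
}

/* Constructed fault: the lookup fails, so nothing is removed and -1 is returned. */
int unset_lookup_fails(char **envp, const char *name)
{
    (void)envp; (void)name;
    return -1;
}

/* Returns 1 if any entry still starts with "LD_". */
int has_ld_vars(char *const *envp)
{
    for (; *envp != NULL; envp++)
        if (strncmp(*envp, "LD_", 3) == 0)
            return 1;
    return 0;
}

/* Flawed pattern: return value ignored, caller always proceeds (returns 0). */
int scrub_unchecked(char **envp, unset_fn unset)
{
    for (size_t i = 0; LD_VARS[i] != NULL; i++)
        unset(envp, LD_VARS[i]);
    return 0;
}

/* Fail-closed pattern: any removal error or leftover LD_* entry returns -1 (abort). */
int scrub_checked(char **envp, unset_fn unset)
{
    for (size_t i = 0; LD_VARS[i] != NULL; i++)
        if (unset(envp, LD_VARS[i]) != 0)
            return -1;
    return has_ld_vars(envp) ? -1 : 0;
}
```

A privileged loader using the checked form would refuse to continue on `-1` instead of running with a tainted environment.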