The need for email archiving
Without an effective system for archiving emails, organisations can find themselves unable to recover vital business records, leaving them open..
ZDNet UK / News and Analysis / Security / Security Threats
FreeBSD rushes out zero-day root patch
NEWS
The security team for the open-source FreeBSD operating system has rushed out a patch for a zero-day local root vulnerability.
The zero-day was published on the Full Disclosure mailing list on Monday, and the patch was made available on the same day. The vulnerability gives local users administrative privileges which allow them to run any code they choose.
The flaw affects recent versions, and resides in the run-time link editor, according to Nikolaos Rangos, the security researcher also known as Kingcope.
Colin Percival, a FreeBSD security officer, told ZDNet UK on Tuesday that the issue was serious, as exploit code was available on the internet.
"I consider all vulnerabilities to be serious if they can be exploited," Percival said in an email interview. "On systems which are vulnerable, yes, this is simple to exploit. But most issues are simple to exploit once someone publishes exploit code."
Percival said that certain system configurations were not vulnerable. "Systems without untrusted local users are not affected by this," he wrote. "Systems which only host jails [an operating-system-level virtualisation partition] are not affected by this. Systems where all the directories in which untrusted users can create files are mounted with the noexec option are not affected by this."
However, the issue was serious enough for FreeBSD to rush out a patch on Monday.
"Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is already widely available I want to make a patch available ASAP," wrote Percival on the mailing list, adding the caveat that the patch may not fully fix the issue.
Related stories
Post your comment
In order to post a comment you need to be registered and logged in
Log in or create your ZDNet UK account below
By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ
ZDNet UK Live
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/cDUyaj
39 minutes ago on Twitter by KC616 free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
39 minutes ago on Twitter by KC616
Cyberwar defence plan is essential, says former CIA head: Michael Hayden, former head of the CIA and the National ... http://bit.ly/beLpKQ
1 hour ago on Twitter by SpyScroll
SAP leads businesses into augmented reality http://bit.ly/9eMWYp | #Droid #Android
1 hour ago on Twitter by Droid_News
free shipping wholesale products: We mainly supply top mirror quality brand name products, such as wholesale handb... http://bit.ly/cWcW1e
1 hour ago on Twitter by wholesalegurru
Cyberwar defence plan is essential, says former CIA head: Michael Hayden, former head of the CIA and the N... http://bit.ly/9sn6ax #pdln4nx
1 hour ago on Twitter by CNSInstructor
Oracle signs Solaris deals with HP and Dell http://bit.ly/9KVeqD
2 hours ago on Twitter by AllAboutFashion
SAP leads businesses into augmented reality http://bit.ly/9eMWYp | #Droid #Android
2 hours ago on Twitter by Droid_Phone TalkTalk to sell mobile services via Vodafone deal http://bit.ly/bLVfxI | #Droid #Android
2 hours ago on Twitter by Droid_Phone Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/cDUyaj
2 hours ago on Twitter by wholesalegurru free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
2 hours ago on Twitter by wholesalegurru
DoJ joins whistleblower in Oracle fraud suit http://bit.ly/bMT3SJ
2 hours ago on Twitter by felixsprisci
Update: free shipping wholesale products - ZDNet UK (... http://www.actahandbags.com/trends/free-shipping-wholesale-products-zdnet-uk-blog/
2 hours ago on Twitter by actatrudy
free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/bRvFgG
2 hours ago on Twitter by lisabarnes001
free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/9CXYG9
2 hours ago on Twitter by mensapparel2010
free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/alnVOR
2 hours ago on Twitter by womensapparel20
free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
2 hours ago on Twitter by SharonFashion
Security guru demonstrates ATM machine hack http://bit.ly/augzs1
2 hours ago on Twitter by ProtegoSS
UK deems Google Wi-Fi data snatch safe: (Sign In or register below) Google moves to show YouTube has 'a very credi... http://bit.ly/9vHweP
2 hours ago on Twitter by kompasstechLatest in Security Threats
Featured white papers
Dell Data Storage Summary
This study was conducted in the United States amoung IT decision makers with involvement in data centre purchases at companies..
Datasheet: Infrastructure as a Service
'Infrastructure as a Service' gives enterprises the flexibility to subscribe to the compute power and storage they require today with 'pay..
