FreeBSD rushes out zero-day root patch

The team behind the open-source operating system has moved quickly to close a flaw that gives local users administrative privileges to run any code they choose
Written by Tom Espiner, Contributor

The security team for the open-source FreeBSD operating system has rushed out a patch for a zero-day local root vulnerability.

The zero-day was published on the Full Disclosure mailing list on Monday, and the patch was made available on the same day. The vulnerability gives local users administrative privileges which allow them to run any code they choose.

The flaw affects recent versions, and resides in the run-time link editor, according to Nikolaos Rangos, the security researcher also known as Kingcope.

Colin Percival, a FreeBSD security officer, told ZDNet UK on Tuesday that the issue was serious, as exploit code was available on the internet.

"I consider all vulnerabilities to be serious if they can be exploited," Percival said in an email interview. "On systems which are vulnerable, yes, this is simple to exploit. But most issues are simple to exploit once someone publishes exploit code."

Percival said that certain system configurations were not vulnerable. "Systems without untrusted local users are not affected by this," he wrote. "Systems which only host jails [an operating-system-level virtualisation partition] are not affected by this. Systems where all the directories in which untrusted users can create files are mounted with the noexec option are not affected by this."

However, the issue was serious enough for FreeBSD to rush out a patch on Monday.

"Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is already widely available I want to make a patch available ASAP," wrote Percival on the mailing list, adding the caveat that the patch may not fully fix the issue.

Editorial standards