OSVDB ID: 84286

Title: BSD wump Local Environment Variable Handling Local Privilege Escalation

Info

Disclosure

Jul 20, 2012

Discovery

Mar 11, 1996

Dates

Exploit

Jul 20, 2012

Solution

Unknown

Description

FreeBSD contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in wump during the handling of a local environment variable. This may allow a local attacker to gain escalated root privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Authentication Required

Solution

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: reduce privileges on wump.

Products

The FreeBSD Project

FreeBSD

2.1.0

References

Generic Exploit URL: http://osvdb.org/ref/84/bsd-wump.sh

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84286