FreeBSD swapgs local privilege escalation in All Things Unix http://www.dslreports.com/forum/r21052038 en Wed, 11 Nov 2009 02:28:27 EDT Wed, 11 Nov 2009 02:28:27 EDT Re: FreeBSD swapgs local privilege escalation http://www.dslreports.com/forum/remark,21052110 deblin :
said by Cabal See Profile :

'freedbsd-update'-d and done. Bugs in user-enabled mounting and icmp v6, too.
Yeah saw that in the cvsweb info. I guess -stable was already "fixed" a few revisions back, though it's not quite the same as the patch against RELENG_7_0.
--
He who is not contented with what he has, would not be contented with what he would like to have. -Socrates]]> http://www.dslreports.com/forum/remark,21052110 Wed, 03 Sep 2008 16:43:41 EDT Re: FreeBSD swapgs local privilege escalation http://www.dslreports.com/forum/remark,21052099 Cabal : 'freedbsd-update'-d and done. Bugs in user-enabled mounting and icmp v6, too.]]> http://www.dslreports.com/forum/remark,21052099 Wed, 03 Sep 2008 16:42:40 EDT FreeBSD swapgs local privilege escalation http://www.dslreports.com/forum/remark,21052038 deblin : There is a bug in how FreeBSD handles kernel/userland separation, in which the swapgs CPU instruction may be called twice, allowing an attacker to gain local privilege escalation.

Full details (and patches) are here:

http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc

The CVE is still under review.

This impacts only users of the amd64 arch. Note that it does not impact the i386 release on a 64-bit capable processor.
--
He who is not contented with what he has, would not be contented with what he would like to have. -Socrates]]> http://www.dslreports.com/forum/remark,21052038 Wed, 03 Sep 2008 16:31:09 EDT