Netgate Discussion Forum

    Local root exploit

      Guest

      http://www.dslreports.com/forum/r23418065-WARNING-FreeBSD-78-users-Local-root-exploit-patch-out

      I really don't know a lot about FreeBSD, but since pfSense is based on it, is it a problem?

      Will it get patched?

      Thanks

      Alex

        danswartz

        Not really an issue, since it pertains to non-root users getting root privs via a shell. If you don't have sshd turned on in pfSense, this would not be an issue, I would think. Even if you DO, pfSense ssh access is usually to root anyway.

          cmb

          The current stable release (1.2.2) is on FreeBSD 7.0, which isn't affected. It's only local privilege escalation, which in the case of pfSense isn't really an issue - if you can log in, you have root, so there isn't anything to escalate.

          With that said, yes, as soon as the official fix is committed to FreeBSD, our snapshots for 1.2.3 and 2.0 will have the fix. As will the 1.2.3 final release, which is awaiting a patch for the SSL/TLS renegotiation issues that we've been expecting for weeks now, hopefully that will come out soon as well. That's the only thing holding up 1.2.3 right now.

            phospher

            @cmb:

            With that said, yes, as soon as the official fix is committed to FreeBSD, our snapshots for 1.2.3 and 2.0 will have the fix. As will the 1.2.3 final release, which is awaiting a patch for the SSL/TLS renegotiation issues that we've been expecting for weeks now, hopefully that will come out soon as well. That's the only thing holding up 1.2.3 right now.

            As you probably already know, the SSL/TLS patches have been released by FreeBSD.

              Guest

              Yep, and the 1.2.3 release is actively being rolled.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.