Full title: FreeBSD rtld execl() Privilege Escalation Exploit 
Category: remote exploits
Platform: freebsd
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.

# 0day.today @ http://0day.today/