[ILUG] kernel security hole
Rob Gallagher
rob.gallagher at gmail.com
Wed Feb 13 09:37:25 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/02/2008, Belgarath wrote:
> There is a security hole "splice: missing user pointer access verification
> (CVE-2008-0009/10)" (exploit exist as proof of concept) for all kernels
> between 2.6.12-2.6.24.1 (included) which allows any user get root access
> --
vmsplice() has cause several vulnerabilities recently, and it's
trivial to exploit:
http://www.milw0rm.com/exploits/5092
There are patches and updated kernel packages appearing for the various *nixs:
http://kerneltrap.org/Linux/Patching_CVE-2008-0600_Local_Root_Exploit
rg
- --
rob.gallagher (at) gmail.com || www.spoofedpacket.net || PK: 0x1DD13A78
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)
Comment: http://firegpg.tuxfamily.org
iEYEARECAAYFAkeyulUACgkQiSgypR3ROnjmcACgnn9rdkhAE59vHPG0g6eeoVwS
URcAniclkIGqpYCueaq3/BdxZtHwN4Zi
=3pDz
-----END PGP SIGNATURE-----
More information about the ILUG
mailing list