[ILUG] kernel security hole
Justin Mason
jm at jmason.org
Wed Feb 13 11:18:00 GMT 2008
FRLinux writes:
>On Feb 13, 2008 10:48 AM, David Howe <david.howe at howesystems.com> wrote:
>> Does anyone know if you require sudo enabled in order to run the exploit?
>
>No, normal user with no privileges will be able to crack your box in
>10 seconds. Works on most kernels including all xen ones and even
>GRsec/PaX/SELinux ones. Scary stuff really.
more details at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953
There are "live" hotfixes, but they seem to cause instability, so
best avoided.
--j.
More information about the ILUG
mailing list