[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG] Root exploit on vmsplice enabled kernels

To: DCGLUG <list@xxxxxxxxxxxxx>
Subject: [LUG] Root exploit on vmsplice enabled kernels
From: Robin Cornelius <robin.cornelius@xxxxxxxxx>
Date: Sun, 10 Feb 2008 21:29:17 +0000

Seems to effect Debian to name but one distro that turns on vmsplice,
including etch (current stable).

http://it.slashdot.org/article.pl?sid=08/02/10/2011257&from=rss

I've verified the example exploit and I can gain root access from my
normal user account.

Though this was worth mentioning, it should only be an issue if you
allow others to have accounts on you machine OR some other bug allows an
attacker to gain non root access.

Happy patching!

Robin

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html

Prev by Date: Re: [LUG] FLOSS in schools redux.
Next by Date: [LUG] Open Source applications for Windows
Previous by thread: [LUG] meeting sunday
Next by thread: [LUG] Open Source applications for Windows
Index(es):
- Date
- Thread