Raj Kiran Grandhi wrote:
Please see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229
A local root exploit has been discovered in the linux kernel yesterday.
Virtually all the stock kernels provided by several distributions in the
past year appear to be vulnerable.
I am still hinting for a temporary fix, but till that I guess I'll have
to disable login access to all but a handful of absolutely trusted users.
I have attached a proof-of-concept source code that can be found in the
bug reports.
Too scary!
On kernels I compile myself, I just applied the patch from here:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44
recompiled my kernel, and exploit no longer works.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]