Ow Mun Heng wrote:
There was a disclosure in bugtraq/full-disclosure on this issue.
Main thread is here
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047831.html
Workround is here
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047868.html
Proof of concept is here
http://www.milw0rm.com/exploits/2006
This is on a GentooLInux Box 2.6.16-suspend2-r1 kernel.
updating to gentoo sources 2.6.16-r12 (2.6.16.24) or 2.6.17-r2
(2.6.17.4) also fixes it. genpatch-2.6.16-14 is the important file if
you're using other sources and the ebuild for
suspend2-sources-2.6.16-r11 includes it.
kashani
--
gentoo-user@gentoo.org mailing list