Paraphrasing lwn.net, by using a specially manipulated ELF binary, a local attacker can root the system via the core dump code.
Applies to all kernels from 2.2 through 2.6.12-rc4. Fix (for binfmt_elf.c) is in 2.6.11.9 and appears to also apply to 2.6.12-rc. So far, no word on fix for 2.4.

Ken
--
the first time as tragedy, the second time as farce
