A local root exploit was released a few days ago. This very critical failure allows a local user to gain root access on a machine, using a bug in the system function vmsplice().
The kernel version concerned is 2.6 (Linux 2.6.17 - 2.6.24.1). To fix it you need to upgrade your kernel and, of course, reboot the machine. That makes this security hole even more critical.

For an update under Debian:

> aptitude update
> aptitude upgrade
> aptitude dist-upgrade
> and reboot!
> Guess it is the same under Ubuntu...

Here is the Debian security report:
http://www.debian.org/security/2008/dsa-1494

Details about the exploit:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953
http://lwn.net/SubscriberLink/268783/c6a3f3433044e10b/ (not read!)

I have personally tried it (link in French: http://www.tux-planet.fr/blog/?2008/02/12/224-local-root-exploit-sous-linux) and it is very impressive (and scary!)

If you don't have open access to your machine from the outside world you are relatively safe... but you never know!

Cordially,
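To triage machines against the range quoted in the message above (Linux 2.6.17 - 2.6.24.1), here is an added example that is not part of the original post: a shell function that compares a kernel release string with that range. The function name `vmsplice_affected` and the sample release strings are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a kernel release
# string lies in the range the post gives as affected, 2.6.17 - 2.6.24.1.
#
# Caveat: only the upstream version number is compared. Distribution kernels
# often carry backported fixes under an unchanged upstream version, so a match
# means "compare the installed kernel package with the advisory", not
# "confirmed vulnerable".

# vmsplice_affected [RELEASE]
#   RELEASE defaults to `uname -r`.
#   returns 0 = inside the range, 1 = outside, 2 = release string not parseable
vmsplice_affected() {
    rel=${1:-$(uname -r)}
    # Keep the leading dotted-numeric part; drop suffixes such as "-6-686".
    up=$(printf '%s\n' "$rel" | sed -n 's/^\([0-9][0-9.]*\).*/\1/p')
    [ -n "$up" ] || return 2
    # Missing components count as 0, so "2.6.24" compares as 2.6.24.0.
    printf '%s\n' "$up" | awk -F. '
        function key(a, b, c, d) { return ((a * 1000 + b) * 1000 + c) * 1000 + d }
        {
            k = key($1, $2, $3, $4)
            exit !(k >= key(2, 6, 17, 0) && k <= key(2, 6, 24, 1))
        }'
}

# Report on the running kernel.
if vmsplice_affected; then
    echo "$(uname -r): upstream version is inside 2.6.17 - 2.6.24.1, check the package against the advisory"
else
    echo "$(uname -r): upstream version is outside 2.6.17 - 2.6.24.1"
fi
```
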
