** Description changed:

  Binary package hint: linux-image-2.6.15-54-server

  CVE Candidate is CVE-2009-2692

  Exploit: http://seclists.org/fulldisclosure/2009/Aug/0180.html

  Patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98

  I ran the exploit on a fully updated dapper server installation and got root from a normal user account.

  Mitigated, at least against this particular posted exploit, via creating /etc/modprobe.d/mitigate-2692.conf:

  install ppp_generic /bin/true
  install pppoe /bin/true
  install pppox /bin/true
  install slhc /bin/true
+ install bluetooth /bin/true
+ install ipv6 /bin/true
+ install irda /bin/true
+ install ax25 /bin/true
+ install ipx /bin/true
+ install appletalk /bin/true
-- 
Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
https://bugs.launchpad.net/bugs/413656
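
One way to audit the mitigation file described above: list which of the named modules still lack an `install <module> /bin/true` line, and which are already loaded (an `install` line only changes later modprobe-driven loads, it does not unload anything). This is an added example, not part of the original bug report; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the modprobe.d mitigation.
# Modules named in the description's "install <module> /bin/true" lines.
MODS="ppp_generic pppoe pppox slhc bluetooth ipv6 irda ax25 ipx appletalk"

# Print each module in "$@" (after the file argument) that has no
# "install <module> /bin/true" line in the given modprobe.d file.
unblocked_modules() {
    conf=$1; shift
    for m in "$@"; do
        if ! awk -v want="$m" '
            { sub(/#.*/, "") }                    # ignore comments
            $1 == "install" && $3 == "/bin/true" {
                name = $2; gsub(/-/, "_", name)   # modprobe treats - and _ alike
                if (name == want) found = 1
            }
            END { exit found ? 0 : 1 }' "$conf"
        then
            echo "$m"
        fi
    done
}

# Print each module in "$@" that appears in a /proc/modules-format file,
# i.e. is already loaded and therefore not affected by the install lines.
loaded_modules() {
    modlist=$1; shift
    for m in "$@"; do
        if awk -v want="$m" '$1 == want { found = 1 }
                             END { exit found ? 0 : 1 }' "$modlist"
        then
            echo "$m"
        fi
    done
}

# Constructed sample input: a mitigation file holding only the first four
# install lines, and a constructed /proc/modules excerpt with ipv6 loaded.
tmp=$(mktemp -d)
printf 'install %s /bin/true\n' ppp_generic pppoe pppox slhc > "$tmp/mitigate-2692.conf"
printf '%s 12345 0 - Live 0x0\n' ipv6 ext3 > "$tmp/modules"

echo "not blocked:    $(unblocked_modules "$tmp/mitigate-2692.conf" $MODS | tr '\n' ' ')"
echo "already loaded: $(loaded_modules "$tmp/modules" $MODS | tr '\n' ' ')"
```

On a real system, pass `/etc/modprobe.d/mitigate-2692.conf` and `/proc/modules` instead of the constructed files; protocols compiled into the kernel do not appear in `/proc/modules` and are not affected by `install` lines.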
