Bug#465246: user->root exploit in vmsplice()
Package: linux-image-2.6.18-6-686
Version: 2.6.18.dfsg.1-17etch1
Severity: important
There is a bug in vmsplice from 2.6.17 to 2.6.24.1 that can be
exploited by any user process to gain root privileges.
info is here
http://isc.sans.org/newssummary.html
which links to the source code for the exploit here:
http://www.milw0rm.com/exploits/5092
...which has been tested, and works like a charm.
Also here:
http://www.isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
...which describes the exploit in more detail.
Reply to: