Raj Kiran Grandhi wrote:
Please see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229
A local root exploit was discovered in the Linux kernel
yesterday. Virtually all the stock kernels provided by several
distributions in the past year appear to be vulnerable.
I am still hunting for a temporary fix, but until then I guess I'll
have to disable login access to all but a handful of absolutely
trusted users.
I have attached proof-of-concept source code that can be found in
the bug reports.
Too scary!
On kernels I compile myself, I just applied the patch from here:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44
recompiled my kernel, and the exploit no longer works.