Re: Serious local root exploit in linux kernel

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Serious local root exploit in linux kernel
From: Jeff D <fixedored@gmail.com>
Date: Sun, 10 Feb 2008 18:01:01 -0800
Message-id: <[🔎] 47AFAC5D.4070202@gmail.com>
In-reply-to: <[🔎] 47AFA91C.3050502@gmail.com>
References: <[🔎] 47AFA91C.3050502@gmail.com>

Raj Kiran Grandhi wrote:

Please see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229
A local root exploit has been discovered in the linux kernel yesterday.Virtually all the stock kernels provided by several distributions in thepast year appear to be vulnerable.
I am still hinting for a temporary fix, but till that I guess I'll haveto disable login access to all but a handful of absolutely trusted users.
I have attached a proof-of-concept source code that can be found in thebug reports.
Too scary!



On kernels I compile myself, I just applied the patch from here:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

recompiled my kernel, and exploit no longer works.

Reply to:

Follow-Ups:
- Re: Serious local root exploit in linux kernel
  - From: Jaime Tarrant <jaime.tarrant@cleanatheart.com>

References:
- Serious local root exploit in linux kernel
  - From: Raj Kiran Grandhi <grajkiran@gmail.com>

Prev by Date: Re: (no subject)
Next by Date: Re: Video card suggestion
Previous by thread: Re: Serious local root exploit in linux kernel
Next by thread: Re: Serious local root exploit in linux kernel
Index(es):
- Date
- Thread