Jeff D wrote:
Raj Kiran Grandhi wrote:
Please see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464945
https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587
https://bugzilla.redhat.com/show_bug.cgi?id=432229
A local root exploit has been discovered in the linux kernel
yesterday. Virtually all the stock kernels provided by several
distributions in the past year appear to be vulnerable.
I am still hinting for a temporary fix, but till that I guess I'll
have to disable login access to all but a handful of absolutely
trusted users.
I have attached a proof-of-concept source code that can be found in
the bug reports.
Too scary!
On kernels I compile myself, I just applied the patch from here:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44
recompiled my kernel, and exploit no longer works.
I applied the patch recommended by Jeff D to Debian kernel 2.6.24.1 and
it worked. Thanks!
There is also a related patch for completeness (for kernels 2.6.23.x and
up I believe)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8811930dc74a503415b35c4a79d14fb0b408a361
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
