[mdlug] Linux root exploit

Raymond McLaughlin driveray at ameritech.net
Thu Feb 14 22:24:50 EST 2008


Robert Meier wrote:

>> How did you determine [you did not have the feature reportedly exploited]?
> 
> My principle method was of course to try the exploit before and after
> hearing others' reports on its symptoms.
> 
> My preliminary method was to search the kernel source code for "vmsplice",
> the feature named by slashdot, LWM, and Milw0rm.
> 

Never the less:
<http://www.novell.com/linux/security/advisories/2008_07_kernel.html>

> 1) Problem Description and Brief Discussion
> 
>    This kernel update fixes the following critical security problem:
> 
>    - CVE-2008-0600: A local privilege escalation was found in the
>      vmsplice_pipe system call, which could be used by local attackers
>      to gain root access.
> 
>    This bug affects the following products:
>    - openSUSE 10.2 and 10.3
>    - SUSE Linux Enterprise Realtime 10 (SP1)
> 
>    Fixed packages have been released for openSUSE 10.2 and 10.3.
> 
>    For SUSE Linux Enterprise Realtime 10 packages are being prepared
>    currently.
> 
>    Since this problem affects Linux kernels starting with 2.6.17 and
>    vmsplice was not back-ported, no older products are affected.

An update is available, and probably advisable.





More information about the mdlug mailing list