[mdlug] Linux root exploit
Raymond McLaughlin
driveray at ameritech.net
Thu Feb 14 22:24:50 EST 2008
Robert Meier wrote:
>> How did you determine [you did not have the feature reportedly exploited]?
>
> My principle method was of course to try the exploit before and after
> hearing others' reports on its symptoms.
>
> My preliminary method was to search the kernel source code for "vmsplice",
> the feature named by slashdot, LWM, and Milw0rm.
>
Never the less:
<http://www.novell.com/linux/security/advisories/2008_07_kernel.html>
> 1) Problem Description and Brief Discussion
>
> This kernel update fixes the following critical security problem:
>
> - CVE-2008-0600: A local privilege escalation was found in the
> vmsplice_pipe system call, which could be used by local attackers
> to gain root access.
>
> This bug affects the following products:
> - openSUSE 10.2 and 10.3
> - SUSE Linux Enterprise Realtime 10 (SP1)
>
> Fixed packages have been released for openSUSE 10.2 and 10.3.
>
> For SUSE Linux Enterprise Realtime 10 packages are being prepared
> currently.
>
> Since this problem affects Linux kernels starting with 2.6.17 and
> vmsplice was not back-ported, no older products are affected.
An update is available, and probably advisable.
More information about the mdlug
mailing list