Hi,

I post this on request of another lister from the Spanish mail list; I don't have personal knowledge of this problem. I would like to see comments on this.

The vulnerability allows a user to become root with any kernel newer than 2.6.17 with vmsplice compiled in. openSUSE 10.3 is affected. A remote attacker gaining access as an unprivileged user (flash hack?) could get root privileges.

Solutions:

- recompile kernel without vmsplice

- use dynamic patcher from
  http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
  It uses the exploit to patch the kernel in memory, disabling vmsplice. Compile with

      cc -o disable-vmsplice-if-exploitable disable-vmsplice-if-exploitable.c

  and run as user. It could be added to "/etc/rc.d/rc.local" till an update is made available.

----

That's all the information I have.

--
Cheers