Mailinglist Archive: opensuse-security (33 mails)
| < Previous | Next > |
Re: [opensuse-security] Possible local root exploit in the kernel
- From: Paul Elliott <pelliott@xxxxxx>
- Date: Sun, 10 Feb 2008 17:07:11 -0600
- Message-id: <20080210230711.GA12030@xxxxxx>
On Sun, Feb 10, 2008 at 11:41:44PM +0100, Carlos E. R. wrote:
I tried this under opensuse 10.3 kernel=kernel-default-2.6.22.16-0.2 x86.
Both the exploit and the kludge fix worked.
How long till we have a patch for this?
Are you going to call people in to fix it on sunday or wait and
have a meeting about it?
This bug is on slashdot. There must be thousands of hackers puting
this one into metasploit right now! I bet they are putting it
on hacked web pages! Speed is of the essence.
--
Paul Elliott 1(512)837-1096
pelliott@xxxxxx PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
Hi,
I post this on request of another lister from the Spanish mail list; I
don't have personal knowledge of this problem. I would like to see comments
on this.
The vulnerability allows a user to become root with any kernel newer than
2.6.17 with vmsplice compiled in. Opensuse 10.3 is affected. A remote
attacker gaining access as an unprivileged user (flash hack?) could get
root privilege's.
I tried this under opensuse 10.3 kernel=kernel-default-2.6.22.16-0.2 x86.
Both the exploit and the kludge fix worked.
How long till we have a patch for this?
Are you going to call people in to fix it on sunday or wait and
have a meeting about it?
This bug is on slashdot. There must be thousands of hackers puting
this one into metasploit right now! I bet they are putting it
on hacked web pages! Speed is of the essence.
--
Paul Elliott 1(512)837-1096
pelliott@xxxxxx PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
| < Previous | Next > |