Mailinglist Archive: opensuse-security (33 mails)

< Previous Next >
Re: [opensuse-security] Possible local root exploit in the kernel
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Mon, 11 Feb 2008 12:22:59 +0100
  • Message-id: <20080211112259.GB10439@xxxxxxx>
On Sun, Feb 10, 2008 at 05:07:11PM -0600, Paul Elliott wrote:
On Sun, Feb 10, 2008 at 11:41:44PM +0100, Carlos E. R. wrote:

Hi,

I post this on request of another lister from the Spanish mail list; I
don't have personal knowledge of this problem. I would like to see comments
on this.


The vulnerability allows a user to become root with any kernel newer than
2.6.17 with vmsplice compiled in. Opensuse 10.3 is affected. A remote
attacker gaining access as an unprivileged user (flash hack?) could get
root privilege's.



I tried this under opensuse 10.3 kernel=kernel-default-2.6.22.16-0.2 x86.

Both the exploit and the kludge fix worked.


How long till we have a patch for this?

Are you going to call people in to fix it on sunday or wait and
have a meeting about it?

No, we are not calling in people on Sunday.

I am trying to get it out today, as I said.

Ciao, Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >