Mailinglist Archive: opensuse-security (33 mails)

< Previous Next >
Re: [opensuse-security] Possible local root exploit in the kernel
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Mon, 11 Feb 2008 12:22:59 +0100
  • Message-id: <20080211112259.GB10439@xxxxxxx>
On Sun, Feb 10, 2008 at 05:07:11PM -0600, Paul Elliott wrote:
On Sun, Feb 10, 2008 at 11:41:44PM +0100, Carlos E. R. wrote:


I post this on request of another lister from the Spanish mail list; I
don't have personal knowledge of this problem. I would like to see comments
on this.

The vulnerability allows a user to become root with any kernel newer than
2.6.17 with vmsplice compiled in. Opensuse 10.3 is affected. A remote
attacker gaining access as an unprivileged user (flash hack?) could get
root privilege's.

I tried this under opensuse 10.3 kernel=kernel-default- x86.

Both the exploit and the kludge fix worked.

How long till we have a patch for this?

Are you going to call people in to fix it on sunday or wait and
have a meeting about it?

No, we are not calling in people on Sunday.

I am trying to get it out today, as I said.

Ciao, Marcus
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >