On Sun, Feb 10, 2008 at 05:07:11PM -0600, Paul Elliott wrote:
On Sun, Feb 10, 2008 at 11:41:44PM +0100, Carlos E. R. wrote:
Hi,
I post this on request of another lister from the Spanish mail list; I don't have personal knowledge of this problem. I would like to see comments on this.
The vulnerability allows a user to become root with any kernel newer than 2.6.17 with vmsplice compiled in. Opensuse 10.3 is affected. A remote attacker gaining access as an unprivileged user (flash hack?) could get root privilege's.
I tried this under opensuse 10.3 kernel=kernel-default-2.6.22.16-0.2 x86.
Both the exploit and the kludge fix worked.
How long till we have a patch for this?
Are you going to call people in to fix it on sunday or wait and have a meeting about it?
No, we are not calling in people on Sunday. I am trying to get it out today, as I said. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org