On Sun, Feb 10, 2008 at 11:41:44PM +0100, Carlos E. R. wrote:
Hi,
I post this on request of another lister from the Spanish mail list; I don't have personal knowledge of this problem. I would like to see comments on this.
The vulnerability allows a user to become root with any kernel newer than 2.6.17 with vmsplice compiled in. Opensuse 10.3 is affected. A remote attacker gaining access as an unprivileged user (flash hack?) could get root privilege's.
I tried this under opensuse 10.3 kernel=kernel-default-2.6.22.16-0.2 x86. Both the exploit and the kludge fix worked. How long till we have a patch for this? Are you going to call people in to fix it on sunday or wait and have a meeting about it? This bug is on slashdot. There must be thousands of hackers puting this one into metasploit right now! I bet they are putting it on hacked web pages! Speed is of the essence. -- Paul Elliott 1(512)837-1096 pelliott@io.com PMB 181, 11900 Metric Blvd Suite J http://www.io.com/~pelliott/pme/ Austin TX 78758-3117