[Gloucs] Linux kernel vulnerability

Matthew Booth mbooth at redhat.com
Mon Feb 11 10:47:12 GMT 2008


Iain Calder wrote:
> On 10/02/2008, Glyn Davies <glynd at walmore.com> wrote:
>> The LUGmaster list had a few posts concerning a local user vulnerability
>> in kernels since 2.6.17. This appears to have surfaced a few days ago.
>>
>> I don't have user friendly details but to quote from the posting, "it is
>> currently listed on http://isc.sans.org/newssummary.html as "Linux
>> Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit"
> 
> 
> 
> Thanks for posting this Glyn, I hadn't spotted it.  If anyone is running
> Centos 5 (and presumably RHEL 5) I can confirm it is exploitable in the
> default setup.
> 

You can follow the fun here:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0600

Matt

-- 
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://mailman.lug.org.uk/pipermail/gloucs/attachments/20080211/f3108550/signature.bin


More information about the gloucs mailing list