[Bug 191208] Re: [linux-source] missing access checks, possible local root exploit

hk47 bugtracker at slideomania.com
Tue Feb 12 11:02:28 UTC 2008


See also:
MDVSA-2008:043 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:043)

"A flaw in the vmsplice system call did not properly verify address
arguments passed by user-space processes, which allowed local attackers
to overwrite arbitrary kernel memory and gain root privileges.

Mandriva urges all users to upgrade to these new kernels immediately
as this flaw is being actively exploited. This issue only affects
2.6.17 and newer Linux kernels, [...]"

And:
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00004.html

"Hi folks,

As you are undoubtly aware a new local root exploit has been 
discovered on the weekend and reported to a wide audience.

The CVE identifier is CVE-2008-0600.

The problem affects only kernels 2.6.17 and newer, so it affects
only following of our products:
- openSUSE 10.2         (2.6.18.x kernel)
- openSUSE 10.3         (2.6.22.x kernel)"

** Summary changed:

- [linux-source] missing access checks
+ [linux-source] missing access checks, possible local root exploit

-- 
[linux-source] missing access checks, possible local root exploit
https://bugs.launchpad.net/bugs/191208
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.




More information about the kernel-bugs mailing list