Kernel security flaw??
keepertoad at verizon.net
Sun Feb 24 22:13:03 UTC 2008
On Sun, 2008-02-24 at 15:00 -0700, Karl Larsen wrote:
> geoffrey froner wrote:
> > I saw the following report at the Gentoo site. Not being an expert with
> > Linux, I am at a loss to understand the impact. Is this something Ubuntu
> > users need be concerned? Is there already a patch for this problem?
> > "Two *major security flaws in the Linux kernel* were reported last weekend.
> > Both flaws have the same impact (*root access for local users*) and both
> > exist within the vmsplice() system call, which was added to the kernel in
> > 2.6.17. There is no configuration option to exclude vmsplice() so *everyone
> > is vulnerable."
> > TIA
> > Geoffrey
> > *
> Well this is a problem since if someone can get on your computer
> they can ruin it. I know from experience that a simple user password can
> be used by a ssh user to get access to my computer. Now my password for
> user karl is not simple.
> If you have a simple password for your user login, change it to a
> good one like wq2TyFg.
> Karl F. Larsen, AKA K5DI
> Linux User
> #450462 http://counter.li.org.
> PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7
Doesn't the subject exploit have to do with *local* user? If so, ssh
attack is seperate issue.
Ubuntu 7.10, Linux 2.6.22-14-generic unknown 17:11:02 up 3 days, 9:06, 1
user, load average: 0.03, 0.07, 0.10
More information about the ubuntu-users