Patches for a much publicized Linux kernel local root exploit were released today as 2.6.24.2, 2.6.23.16, and 2.6.22.18. The latest bug, labeled as CVE-2008-0600, was introduced by the vmsplice() system call and added into the 2.6 kernel in 2.6.17. It is the third in a series of root exploits surrounding the same system call, the two earlier bugs being CVE-2008-0009 and CVE-2008-0010. Easily obtained exploits exist for both the older CVE-2008-0010 which affected the 2.6.23 and 2.6.24 kernels, and the latest CVE-2008-0600, allowing a local non-root user to gain root permissions.
Hi All,
A bit of an odd situation. I recently purchased $99/mth dedicated hardware from Cedant. It is running FreeBSD 6.1. The system seems to have no root user, and no way to access it. All of the following fail:
"su" - FAILS (sorry)
"sudo" - FAILS (command not found)
"passwd root" - FAILS (passwd: permission denied)
| Linux Bootup hangs after adding RealTime Premption and HR-Timer | 59 minutes ago | Linux kernel |
| SATA 2 size problems | 2 hours ago | Windows |
| problem with 2.6 kernel driver for a USB MAG Stripe Reader as HID device. | 14 hours ago | Linux kernel |
| get_user_pages failure | 16 hours ago | Linux kernel |
| Reading linux kernel | 17 hours ago | Linux kernel |
| High level of Seagate 2.5" SATA drives failing | 23 hours ago | Hardware |
| Resetting the bios password for Toshiba Laptop | 1 day ago | Hardware |
| Linux 2.6.22 slowly RUNS OUT OF LOWMEM | 1 day ago | Linux kernel |
| Questions about modules | 1 day ago | Linux kernel |
| KDB | 2 days ago | Linux kernel |
