There was news about a Local Root Exploit for Linux 2.6 on Slashdot yesterday. It’s pretty serious, and it affects most of the recent 2.6 kernels from what I can gather, up to kernel 2.6.24.2 which is patched against this exploit. I don’t know much about the inner workings of the kernel, but it seems like it had something to do with not enough security checks when using the vm splice function.
A user on Blinkenshell decided to try this exploit out on the shell, and he almost succeeded. Instead of getting a root shell though, he froze the entire box which then rebooted. When it came back up online, the network settings was off since I forgot to change a config file after the IP change. When I finally got back on the machine, which is not entirely easy since I only have remote access which depends on the network being online, I tried the exploit myself and it froze up the machine once more.
I then had to patch and recompile the kernel and change out the old one remotely via ssh, which is kinda scary since you only get one shot at it (if it doesn’t boot you can’t go back and try again.) It turned out good though, and we now have a new, patched kernel running! 😀
And btw, don’t try and exploits things like these on your own, tell me about it instead. Otherwise you will end up like charlie, with your account disabled! >:)
