[CentOS] local root exploit
Johnny Hughes
johnny at centos.org
Mon Feb 11 11:12:01 UTC 2008
Valent Turkovic wrote:
> I saw that there is a local root exploit in the wild.
> http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
>
> And I see my centos box still has: 2.6.18-53.1.4.el5
>
> yum says there are no updates... am I safe?
>
> Valent.
Define safe :)
The RHEL-5 (and therefore the centos-5) kernels ARE susceptible to this
issue, so no you are NOT safe.
Here is the upstream bug:
https://bugzilla.redhat.com/show_bug.cgi?id=432251
However, this issue is actively being worked by the upstream provider
and a fix will be released VERY soon.
This issue is not remotely exploitable and initially requires local user
access to gain root.
Here is more info on this issue as well:
https://www.redhat.com/archives/fedora-list/2008-February/msg01215.html
Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080211/843f3a41/attachment.sig>
More information about the CentOS
mailing list