------------------------------------------------------------------------
Local root exploit for all Linux kernels from 2.6.17 to 2.6.24.1
http://nic.phys.ethz.ch/news/1202742500

Last weekend two local root exploits were released to the public: one that affects 2.6.23 up to 2.6.23.14 and 2.6.24 ([1]CVE-2008-0009, [2]CVE-2008-0010), and [3]one that affects all versions beginning with 2.6.17 and up to 2.6.22.17, 2.6.23.15, and 2.6.24.1 ([4]CVE-2008-0600). New kernel releases that fix these issues are available: 2.6.22.18, 2.6.23.16, and 2.6.24.2.
About half of our managed Linux workstations are already running a patched 2.6.24.1 kernel; the rest will be rebooted this evening after 10:00pm. Please log out this evening before you go home, save all unsaved work, and don't start any long-running jobs. To see if your workstation is still affected, [5]check our Big Brother: all workstations where the updates column ("upd") is yellow have not yet been rebooted. You may also reboot your workstation yourself earlier.
References
1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0009
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010
3. http://lkml.org/lkml/2008/2/10/8
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
5. http://bb.phys.ethz.ch/bb/bb2.html
------------------------------------------------------------------------
ISG News Mailinglist
Go to https://webmail.phys.ethz.ch/mailman/listinfo/isg-news to unsubscribe or change your settings.

ISG Department Physik
isg@phys.ethz.ch
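
The version ranges given in the announcement can be turned into a quick triage check for a kernel version string. This is an added example, not part of the ISG announcement; `affected_cves` is a hypothetical helper name and the sample versions are constructed. It compares version numbers only, so a kernel that carries the fix under an affected number (such as the patched 2.6.24.1 mentioned above) is still reported as affected.

```shell
#!/bin/sh
# Added example, not from the announcement. affected_cves is a hypothetical
# helper; the version ranges are exactly those stated in the announcement
# and describe unpatched kernels only.

affected_cves() {
    # Keep the leading dotted number, dropping suffixes such as "-rc1".
    ver=$(printf '%s' "$1" | sed 's/^\([0-9.]*\).*/\1/')
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; sub=${3:-0}; stable=${4:-0}
    found=""

    if [ "$maj" -eq 2 ] && [ "$min" -eq 6 ]; then
        # CVE-2008-0009 / CVE-2008-0010: 2.6.23 up to 2.6.23.14, and 2.6.24.
        if { [ "$sub" -eq 23 ] && [ "$stable" -le 14 ]; } ||
           { [ "$sub" -eq 24 ] && [ "$stable" -eq 0 ]; }; then
            found="CVE-2008-0009 CVE-2008-0010"
        fi
        # CVE-2008-0600: 2.6.17 up to 2.6.22.17, 2.6.23.15 and 2.6.24.1.
        last=-1                          # highest affected stable release
        case $sub in
            17|18|19|20|21) last=$stable ;;  # no fixed release listed
            22) last=17 ;;
            23) last=15 ;;
            24) last=1 ;;
        esac
        if [ "$stable" -le "$last" ]; then
            found="${found:+$found }CVE-2008-0600"
        fi
    fi
    echo "${found:-none}"
}

# Constructed sample version strings (not taken from any real host).
for v in 2.6.16.60 2.6.20.21 2.6.22.17 2.6.23.14 2.6.23.16 2.6.24 2.6.24.2; do
    printf '%-10s %s\n' "$v" "$(affected_cves "$v")"
done
```

On a workstation, `affected_cves "$(uname -r)"` applies the same check to the running kernel.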