[转载]Patching CVE-2008-0600, Local Root Exploit
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])> There is a security hole "splice: missing user pointer access verification
> (CVE-2008-0009/10)" (exploit exist as proof of concept) for all kernels
> between 2.6.12-2.6.24.1 (included) which allows any user get root access
> --
vmsplice() has cause several vulnerabilities recently, and it's
trivial to exploit:
[url]http://forum.eviloctal.com/thread-32206-1-1.html[/url]
There are patches and updated kernel packages appearing for the various *nixs:
[url]http://kerneltrap.org/Linux/Patching_CVE-2008-0600_Local_Root_Exploit[/url] 一些临时的解决方法:
[url]http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/[/url]
页:
[1]