[UCI-Linux] Linux kernel bug allows local root access

Mike Iglesias iglesias at uci.edu
Mon Feb 11 15:56:34 PST 2008

A new Linux kernel bug has surfaced that allows local users to gain root 
access to the system.  There is an exploit that is actively being used to gain 
control of systems.  The bug affects kernel versions 2.6.17 thru

If your system is running an affected kernel version, please make sure you 
update your system when your Linux distributor releases a patched kernel, 
especially if others are logging into your system remotely.  A compromised 
account anywhere could let someone log in to your system and gain root access 

Fedora 6, 7, and 8 are affected.  Fedora 6 is no longer supported, so if you 
are running that you should upgrade to a newer release and apply all the 
updates, or build a new kernel that is not affected by the bug.  Patched 
kernels for Fedora 7 and 8 have been released and should be on the UCI mirror 
later today or early tomorrow.

Red Hat Enterprise Linux does not appear to be affected since it is using 
version 2.6.9 kernels.

I don't have information for other releases; the best way to tell if your 
system is affected is to type "uname -a" at the shell prompt and look at the 
kernel version.

Mike Iglesias                          Email:       iglesias at uci.edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2270

More information about the UCI-Linux mailing list