[UCI-Linux] Linux kernel bug allows local root access
iglesias at uci.edu
Mon Feb 11 15:56:34 PST 2008
A new Linux kernel bug has surfaced that allows local users to gain root
access to the system. There is an exploit that is actively being used to gain
control of systems. The bug affects kernel versions 2.6.17 thru 18.104.22.168.
If your system is running an affected kernel version, please make sure you
update your system when your Linux distributor releases a patched kernel,
especially if others are logging into your system remotely. A compromised
account anywhere could let someone log in to your system and gain root access
Fedora 6, 7, and 8 are affected. Fedora 6 is no longer supported, so if you
are running that you should upgrade to a newer release and apply all the
updates, or build a new kernel that is not affected by the bug. Patched
kernels for Fedora 7 and 8 have been released and should be on the UCI mirror
later today or early tomorrow.
Red Hat Enterprise Linux does not appear to be affected since it is using
version 2.6.9 kernels.
I don't have information for other releases; the best way to tell if your
system is affected is to type "uname -a" at the shell prompt and look at the
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2270
More information about the UCI-Linux