New Zero-Day Linux kernel vulnerability exploit posted

, posted: 15-Jul-2006 14:47

This recent SANS Handler's diary post says an exploit for a new Linux kernel vulnerability has been posted. The exploit provides privilege escalation and works on all 2.6.x kernels, although SANS says SELinux stops it from working.

Don't have many details yet, but SANS writes:

... the published exploit depends on the a.out support in the kernel (the CONFIG_BINFMT_AOUT has to be set), but the vulnerability can be exploited no matter if a.out is supported or not.

That doesn't make sense to me: so the a.out binary format has to be compiled into the kernel, but the exploit works even if a.out isn't supported. Huh?

Other related posts:
FreeBSD 6.2 released
Thunderbird 2.0 beta 1 out - and I like it
Firefox 2.0 and Windows Vista niggles

comments powered by Disqus


Google News search
IT News
PC World New Zealand
Computerworld NZ
PC World and Computerworld Australia
PC World US
Computerworld US
NZ Herald
Virus Bulletin

Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.
Comments policy All comments posted on this blog are the copyright and responsibility of the submitters in question. Comments commercial and promotional in nature are not allowed. Please ensure that your comments are on topic and refrain from making personal remarks.