[NBLUG/talk] local root exploit, no vendor patches available at the moment
Scott Doty
scott at sonic.net
Tue Mar 2 09:08:01 PST 2004
On Tue, Mar 02, 2004 at 05:59:52PM +0100, error wrote:
> ] >From the advisory:
> ]
> ] Tested and known to be vulnerable kernel versions are all <= 2.2.25, <=
> ] 2.4.24 and <= 2.6.2. The 2.2.25 version of Linux kernel does not
> ] recognize the MREMAP_FIXED flag but this does not prevent the bug from
> ] being successfully exploited.
It says "<= 2.4.24", meaning 2.4.25 doesn't suffer from this vulnerability
(unless I'm gravely mistaken). It didn't recommend upgrading to 2.4.25
because that kernel version didn't exist at the time of the advisory.
-Scott
More information about the talk
mailing list