This issue affects pretty much all Linux distributions released since 2001 (2.4 and 2.6 kernels). It allows local users with limited privileges to escalate to root by initializing a socket or by invoking certain protocols. Exploits are publicly available. This exploit requires local console access and does NOT allow remote code execution.
This is considered a critical vulnerability because it can be used to acquire root access.
Updates are available for Debian and Ubuntu, and should be available soon for Red Hat Enterprise and CentOS.
Issues like this raise an interesting point with regard to cloud services. One cannot simply install an updated version of the kernel on a virtual server in the cloud. Typically, one must rely on the provider for such updates. In addition, the actual version of the kernel running on a hosted cloud server may not even be easily determined. An expanded discussion of this topic can be found
Dennis H in West Virginia, US
August 21, 2009