Slashdot Mirror


Linux 2.4.24 Release Fixes Root Vulnerability

diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges. The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."

2 of 436 comments

  1. Re:Anyone written an exploit yet? by Anonymous Coward · · Score: 0, Offtopic

    Try this:- exploit

  2. Re:Not another one by Benley · · Score: 0, Offtopic

    No kidding. I saw this release and I was like "You've got to be fucking kidding me." I upgraded my colo server to 2.4.23 TWO DAYS AGO when I was in Chicago. It's a good thing I was onsite for it, too, because it wouldn't have rebooted all by itself.

    It is because of this sort of thing that I am 'upgrading' to a Sun machine running Solaris. Not because Solaris never needs kernel patches, but because Suns are more likely to actually COME BACK UP when you reboot them remotely. Some errors you WILL NOT SEE ON A SUN:

    KEYBOARD ERROR
    PRESS F1 TO CONTINUE

    FLOPPY DRIVE A: ERROR
    PRESS F1 TO CONTINUE

    CMOS CHECKSUM INVALID
    RUN BIOS SETUP
    PRESS F1 TO CONTINUE
    etc. I will be a HAPPY CAMPER when I don't have to worry about that sort of crap anymore.

    I debated between buying (used) a Sun Ultra2 (2x300mhz UltraSparc II) and an IBM RS6000 7013-43p/140 (233mhz 604e), because I like AIX as much as I like Solaris. I even considered getting an SGI Origin200 (2x180mhz R10k), but punted on that one because IRIX is a pain in the ass. I ended up buying an Ultra2 last night for $260 because AIX 5.2 can't run on 43p/140's for some arbitrary reason. The Ultra2 will remain supported for a good long while. AND IT WILL HAVE MIRRORED SYSTEM DRIVES. That will be nice.