Linux 2.4.24 released due to local root exploit!
Posted on: 01/05/2004 06:45 PM

Quink, a relatively unpopular #2cpu patron, let me know that Slashdot has posted up the news that Linux 2.4.24 has been released to fix an apparent local root exploit.
"It seems there's a bug in the mremap(2) system call, where a local user can get root privileges.The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."
If you're responsible for a box with a whack of local users who you don't know and trust, it's time to fetch some source and make with the compiling.




Printed from 2CPU.com (http://www.2cpu.com/contentteller.php?ct=news&action=story&page=linux_2424_released_due_to_local_root_exploit.html)