Linux kernel vuln reloaded
Escalation of privileges
Security researchers have discovered a potentially serious security vulnerability within a Linux kernel memory management module.
The vulnerability is not remotely executable but it does allow privilege escalation. A hacker who obtains access to a local PC could be able to root a box.
At fault is a bug with the mremap(2) system sub-process, which was subject to an unrelated (but also significant) security problem a few weeks ago.
At risk this time around are versions of the Linux kernel from 2.2 up to and including 2.2.25; 2.4 up to and including 2.4.24; 2.6 up to and including 2.6.2.
Exploitation of the latest flaw is straightforward, according to Polish white hat hackers iSec, which unearthed both problems. But don't get too alarmed - there's no evidence that the vuln has been used in anger.