Do not be too proud of this technological terror you have constructed
or, Guest to Root in 5 easy steps
from ISTS at Dartmouth

Linux developers released version 2.4.24 update to the kernel on January 5, 2004, addressing several flaws, including two serious security holes. The most serious flaw, found in a virtual memory function, resembles a flaw used by attackers in December 2003 to gain control of several servers used by open-source developers. The second flaw lies in a device driver problem, and would allow an attacker to read kernel memory. Both flaws allow an attacker to elevate privileges. Marcelo Tosatti, the maintainer of the 2.4 kernel series, said developers decided to release the update as soon as possible once they learned how the flaws could be exploited.

posted by prof_booty | 01:42 PM