This has been giving us headaches from clients all day so I figured it made sense to post it (as no one else appears to have done so) - seeing as it affects pretty much everything since the 2.4 kernel.
Might be a good moment to update those kernels, people :)
These are really beautiful exploits. Other people have written them up better than I can, so I won't bother, but it's worth tracking down the writeups; you'll be a slightly smarter person after reading them, and they'll make you smile.
That is an excellent explanation of a truly surprising vulnerability, but I'm pretty sure that was a different local-root Linux kernel null-pointer bug, one discovered a month earlier.
Isn't this like the last bug? Limited to being an exploit on systems where the default security policy is (was) to allow writable mappings at page zero? If so, shouldn't the SELinux treatment for those be effective here too?
Haha, and I was thinking the other day, reading MS tech bulletins, that MS always has such a long list of affected software! Look at this: 473 different versions.
The length of the list is a function of two variables: the first, the length of time the bug has been in production; the second, the number of versions you have released into the wild.
What you're seeing here is a fairly rare occurrence in the Linux world: a bug that has been in the code for a long, long time. Frequent releases are pretty common in open source projects.
(elreg blurb: http://www.theregister.co.uk/2009/08/14/critical_linux_bug/)