search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Linux Tips & Tricks: Converting PDF-s to pictures in Linux Ultimate Firefox Productivity Tips: For the Geeks. GoldenDict: A Dictionary Nugget Would You Like Linux With Your Jello? Why I Use Linux: Lofton’s Story Go to Toys 'R Us for your Linux netbook needs Sun xVM VirtualBox 3.0: Virtual Developer's Delight Apple Wary of Ogg Theora: No Agreement Yet on HTML5 Video Standard Freedom is not Free for Countries nor Computer Users Eyecandy Themes For Ubuntu - Download directly from Synaptic - No More Hassles Senior Windows Engineer (TX) Next Step Systems US-TX-Houston Post A Job | Post A Resume Kernel space: The vmsplice() Exploit Feb 20, 2008, 16 :00 UTC (8 Talkback[s]) (4651 reads) (Other stories by Jonathan Corbet) "As this is being written, distributors are working quickly to ship kernel updates fixing the local root vulnerabilities in the vmsplice() system call. Unlike a number of other recent vulnerabilities which have required special situations (such as the presence of specific hardware) to exploit, these vulnerabilities are trivially exploited and the code to do so is circulating on the net. The author found himself wondering how such a wide hole could find its way into the core kernel code, so he set himself the task of figuring out just what was going on - a task which took rather longer than he had expected. "The splice() system call, remember, is a mechanism for creating data flow plumbing within the kernel..." Complete Story Related Stories: Linux Kernel Hole Exploited, Despite Patch Release(Feb 14, 2008) Patching CVE-2008-0600, Local Root Exploit(Feb 12, 2008) Linux Kernel "vmsplice()" System Call Vulnerabilities(Feb 11, 2008) Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat     Talkback(s) Name  and Date   I disagree with the 'sloppiness' comment.    Rainer Weikusat Feb 20, 2008, 16:56:44     RE: I disagree with the 'sloppiness' comme    Stephen Clark Feb 20, 2008, 21:22:18     Re: I disagree with the 'sloppiness' comme    Wogster Feb 20, 2008, 23:03:00     Re: Sloppiness    Yim Feb 21, 2008, 00:58:42     Re: Re: I disagree with the 'sloppiness' c    Rainer Weikusat Feb 21, 2008, 07:25:35     Re: RE: I disagree with the 'sloppiness' c    Rainer Weikusat Feb 21, 2008, 07:38:19     Re: Re: Re: I disagree with the 'sloppiness    blackhole Feb 21, 2008, 17:24:39     Re: Re: Re: Re: I disagree with the 'sloppines    Rainer Weikusat Feb 21, 2008, 18:28:12     Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Whitepaper: Introducing the Azure Services Platform Whitepaper: Introduction to Microsoft .NET Services for Developers Whitepaper: Securing Microsoft's Cloud Infrastructure Internet.com eBook: Becoming a Better Project Manager Microsoft Partner Portal: What Azure Means for Microsoft Partners Internet.com eBook: Web Development Frameworks for Java Internet.com eBook: Developing a Content Management System Strategy Article: Ten Things IT Professionals Should Know About Windows 7 MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Get Started with .NET Services MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Amyuni: PDF & PDF/A Engine for .NET and ActiveX Apps Red Gate Free Trial: SQL Toolbelt Iron Speed Designer Application Generator Download Award-Winning Red Gate SQL Backup Pro MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products Internet.com Hot List: Java EE 6 Platform Highlights the JavaOne Conference MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES