Linux vmsplice() Root Exploit
On Saturday February 10th, 2008, a new public exploit was released that utilized a similar flaw in vmsplice (the vmsplice_to_pipe function), which allows a local user to gain root privileges. This exploit affects Linux kernels v2.6.17 and higher.
vmsplice exploit code is available at: Linux Kernel Multiple Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities
Once an attacker runs the code and gains root privileges, he/she will be able to read and write to arbitrary memory locations on affected servers.
How can I discover if my system is vulnerable?
SSH to the server and run the following command:
/bin/grep -ri vmsplice /boot/System.map-$(uname -r)
If the command returns nothing, that means your system is NOT vulnerable. If it returns something like:
c048fdf7 T sys_vmsplice
that means your system is vulnerable.
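The check above as a small triage script. This is an added example, not part of the original article, and the function names, status words and sample release string are assumptions. It matches the exact sys_vmsplice symbol, reports when no System.map is readable, and compares the release with the 2.6.17 lower bound given above.

```shell
#!/bin/sh
# Added example (not from the original article): vmsplice() exposure triage.
# Function names and status words are illustrative assumptions.

# True when MAPFILE lists the exact sys_vmsplice symbol. A bare
# "grep -i vmsplice" also matches any other symbol containing the word.
has_sys_vmsplice() {
    grep -Eq '^[0-9a-fA-F]+ [A-Za-z] sys_vmsplice$' "$1"
}

# True when kernel release $1 (e.g. "2.6.18-53.el5") is at least 2.6.17,
# the lower bound the article gives for affected kernels.
release_ge_2_6_17() {
    base=${1%%-*}                       # drop the distribution suffix
    oldest=$(printf '%s\n%s\n' "$base" "2.6.17" |
             sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$oldest" = "2.6.17" ]
}

# Prints one status word for the kernel described by MAPFILE and RELEASE.
vmsplice_status() {
    map=$1
    rel=$2
    if [ ! -r "$map" ]; then
        echo "unknown"      # no readable System.map: the check proves nothing
    elif ! has_sys_vmsplice "$map"; then
        echo "absent"       # syscall not built in (article: not vulnerable)
    elif release_ge_2_6_17 "$rel"; then
        echo "present"      # article: vulnerable, install the vendor patch
    else
        echo "mismatch"     # symbol present but release < 2.6.17: the map
    fi                      # may not belong to this kernel, re-check it
}

case "${1:-}" in
    --running)  # inspect the kernel this host is running
        vmsplice_status "/boot/System.map-$(uname -r)" "$(uname -r)" ;;
    --demo)     # constructed sample: symbol line from the article,
                # release string made up for illustration
        m=$(mktemp)
        echo 'c048fdf7 T sys_vmsplice' > "$m"
        vmsplice_status "$m" "2.6.18-53.el5"
        rm -f "$m" ;;
esac
```

A patched kernel still lists sys_vmsplice, so after installing the distribution's update and rebooting, confirm the fix from the vendor advisory and the running release rather than from this check.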
Solution:
Many Linux distributions reported this bug and provided the following patches for their respective systems:
Ubuntu, Debian, CentOS, RedHat, Gentoo