On Sat, Feb 21, 2004 at 12:55:06PM -0500, Charles R. Anderson wrote: > > Paul Starzetz discovered a flaw in return value checking in mremap() > > in the Linux kernel versions 2.4.24 and previous that may allow a local > > attacker to gain root privileges. No exploit is currently available; > > ... > > There is an Proof-of-concept exploit available: > > http://www.derkeiler.com/Mailing-Lists/Securiteam/2004-02/0052.html that's "crash the box" exploit as opposed to "get local root", which is what the 'no exploit' refers to in the original Red Hat advisory. Dave
