Quote
Canonical, Red Hat, and Arch Linux have released patches that fix a vulnerability in Linux kernels 2.6.39 and above that enable attackers to gain system root access. The distro patches followed a kernel patch to fix the vulnerability, but proof-of-concept exploit code examples have already been posted.
A kernel patch submitted on Jan. 17 by Linux overseer Linus Torvalds designed to repair a privilege escalation vulnerability quickly spawned the publication of proof-of-concept exploit code. The patch was publicized before Linux distro projects had time to apply their own patches -- leaving any distro with Linux kernels 2.6.39 and above vulnerable to root access exploits.
Since then, Canonical (Ubuntu), Red Hat, and the Arch Linux team moved quickly to release their respective distro patches to address the problem, but other distros remain vulnerable.
http://www.desktoplinux.com/news/NS7878870944.html A kernel patch submitted on Jan. 17 by Linux overseer Linus Torvalds designed to repair a privilege escalation vulnerability quickly spawned the publication of proof-of-concept exploit code. The patch was publicized before Linux distro projects had time to apply their own patches -- leaving any distro with Linux kernels 2.6.39 and above vulnerable to root access exploits.
Since then, Canonical (Ubuntu), Red Hat, and the Arch Linux team moved quickly to release their respective distro patches to address the problem, but other distros remain vulnerable.