Skip to content

Local Root Exploit in Multiple Versions of Linux Kernels

All security websites are reporting that there is a script that will allow non-root users with ssh2 access to obtain full access to the system.

All our servers were patched this morning and restarted. According to Redhat bugzilla, it only affected servers running Redhat 5. Servers on Redhat 4 were not affected.

This is considered a very severe exploit.

If you have other servers and want to check if you’re vulnerable, do the following in shell:

grep -ri vmsplice /boot/$(uname -r)

if it returns nothing = not vulnerable
if it returns something like: c048fdf7 T sys_vmsplice = vulnerable


Kevin Liang
CTO / SEO Guru
Canadian Web Hosting

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *