[K12OSN] Major Kernel Vulnerability in FC6

Nils Breunese nils at breun.nl
Tue Feb 12 20:41:09 UTC 2008

k12ltsp wrote:

> It's being reported over the news and online that a major kernel
> vulnerability exists in many versions of linux, including FC6, that  
> allows
> any user to gain root access from their command line.
> We have already had a student learn of this exploit and take down our
> network. Unfortunately Redhat stopped updating FC6 as of december 7  
> and
> have no plans to update it anymore. Fixes for the vulnerability are  
> now
> available for FC7 and FC8.
> Does anyone know what the status is with K12LTSP moving to FC7 or  
> higher?

LTSP is on track to be incorporated into Fedora 9: http://fedoraproject.org/wiki/Features/K12Linux 
  I'm not sure if a K12LTSP release based on Fedora 7 or 8 will ever  
see the light.

> Does anyone know of an RPM Kernel upgrade that is available for FC6  
> that
> we can install to correct the issue?

If there is a patch someone should be able to build a patched FC6  
kernel I guess. We have a K12LTSP 5EL server, so we have a supported  

> This exposes a major vulnerability that any student can take  
> advantage of
> and gain root access.

A guy called Morten Hustveit created a modified version of the exploit  
that patches the vulnerability: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953#14 
  Could be a nice temporary fix.

Nils Breunese.

More information about the K12OSN mailing list