There is a common thinking error in Linux professionals today - "security holes are not really something to worry about - these "exploits" can't REALLY be applied to threaten anyone - they are just reports of system updates".
Consider:
1) Do you trust your users? Any user account can deploy a root buffer overflow script.
2) Do you have SSH open to the world, yet are not sure your passwords don't appear in the dictionary attack lists to provide $badkitties a nice shell to buffer overflow your root (setup a rootkit and pwn your servers)?
3) Are your system patches up to date or did you simply do what everyone does and yum update at build?
http://www.milw0rm.com/exploits/5092 = Exploit script for obtaining root from a shell against a CVE CentOs/RedHat vmsplice() system call in the 5 kernel.
Full Example/Description of the vmsplice (3 different buffer exploits) Including Most recent patches: https://bugzilla.redhat.com/show_bug.cgi?id=432251
Be afraid, be very afraid!
On Sarbanes-Oxley and PCI Compliant networks, ssh is not allowed without source and destination controls.
Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
Windows Live Hotmail now works up to 70% faster. Sign up today.