Linux Local Privilege Escalation via SUID /proc/pid/mem Write
Hi,
I have just discovered this kernel exploit which allows a local user
to obtain root privileges. The detailed explanation is given at [1].
The patch has been apparently fixed in the kernel as of now (according
to the blog post), but that update has not yet come into archlinux.
And while /bin/su is fine and is not vulnerable to the exploit,
gpasswd is vulnerable and I am able to carry out the exploit on my
computer as of now, using the gpasswd program. The list of programs
that may be vulnerable is given by the following command:
[user@localhost]$ for p in $(echo $PATH | tr ':' ' '); do find "$p" -perm -4005; done
which gives on my system the following list [3].
Not all of them work; /bin/su does not work, nor does ping.
Any news of any kind of update? By the way, here is the patch that is
available for the same [2].
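
Added example (not part of the original post): a more robust form of the inventory command above, for auditing which setuid programs are reachable through PATH. It uses the same -perm -4005 mask; the function name suid_in_path is hypothetical, and -maxdepth assumes GNU or BSD find.

```shell
#!/bin/sh
# Inventory setuid programs reachable through a PATH-style list.
# -perm -4005 matches files that have ALL of these bits set:
#   4000 setuid, 0004 readable by others, 0001 executable by others.

# suid_in_path [PATHLIST]
# Prints one absolute path per matching regular file, sorted and deduplicated.
suid_in_path() {
    pathlist=${1:-$PATH}

    # Split on ':' only, so directory names containing spaces stay intact.
    old_ifs=$IFS
    IFS=:
    set -f                  # no glob expansion while splitting
    set -- $pathlist
    set +f
    IFS=$old_ifs

    for dir in "$@"; do
        # Skip empty entries (they mean "current directory" in PATH).
        [ -n "$dir" ] || continue
        # Resolve symlinked directories such as /bin -> /usr/bin: find does
        # not descend into a symlink given as its start point, and resolving
        # also lets sort -u drop the duplicates. Missing directories are skipped.
        real=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || continue
        # PATH directories are searched non-recursively by the shell,
        # so only the top level is inspected.
        find "$real" -maxdepth 1 -type f -perm -4005 -print 2>/dev/null
    done | sort -u
}

# Stand-alone use: audit the current PATH, or a list given as the first argument.
suid_in_path "${1:-$PATH}"
```

Comparing the output before and after a package update shows which setuid binaries remain installed and need attention while a kernel fix is pending.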