> There is a security hole "splice: missing user pointer access verification
> (CVE-2008-0009/10)" (exploit exist as proof of concept) for all kernels
> between 2.6.12-2.6.24.1 (included) which allows any user get root access
> --
vmsplice() has cause several vulnerabilities recently, and it's
trivial to exploit:
http://www.milw0rm.com/exploits/5092
There are patches and updated kernel packages appearing for the various *nixs:
http://kerneltrap.org/Linux/Patc ... _Local_Root_Exploit
