Tuesday, March 09, 2004

Linux Privilege Escalation Hole Detected:
"For the second time in as many months, security researchers have uncovered a privilege escalation security flaw in the Linux kernel.…"

The flaw carries a "critical" rating and affects Linux versions 2.2 up to and including 2.2.25; it also impacts versions 2.4 up to and including 2.4.24 as well as versions 2.6 up to and including 2.6.2.

"Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges. The vulnerability may also lead to a denial-of-service attack on the available system memory," iSEC warned.

Linux distributor Gentoo confirmed its implementation of the open source operating system was susceptible to the flaw and strongly urged users to upgrade to newer, more secure versions.

According to Gentoo, arbitrary code with normal non-superuser privileges may be able to exploit this vulnerability and may disrupt the operation of other parts of the kernel memory management subroutines.

"Proper exploitation of this vulnerability may lead to local privilege escalation allowing for the execution of arbitrary code with kernel level root access," Gentoo warned, noting that proof-of-concept exploit code has been created and successfully tested.

The flaw was discovered in the memory subsystem which allows for shrinking, growing, and moving of chunks of memory along any of the allocated memory areas which the kernel possesses. iSEC Security Research found that the code doesn't check the return value of the memory function.

http://www.internetnews.com/dev-news/article.php/3322911
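
The defect class named in the last paragraph of the quoted article (a move operation that ignores the return value of a helper that can fail) is shown below in a userland toy model. This is an added example, not kernel code and not from the article or iSEC; every name in it (`area_unmap`, `area_move`, `MAX_AREAS`) and all addresses are hypothetical and constructed.

```c
#include <stdio.h>
/* Toy model (constructed): a fixed-size table of [start, end) memory areas. */
#define MAX_AREAS 4
struct area { unsigned long start, end; int used; };
static struct area tbl[MAX_AREAS];

/* Remove [s, e). A hole in the middle of an area splits it in two, which needs a free slot. */
static int area_unmap(unsigned long s, unsigned long e) {
    for (int i = 0; i < MAX_AREAS; i++) {
        struct area *a = &tbl[i], *tail = NULL;
        if (!a->used || a->end <= s || a->start >= e) continue;
        if (a->start < s && a->end > e) {
            for (int j = 0; j < MAX_AREAS && !tail; j++)
                if (!tbl[j].used) tail = &tbl[j];
            if (!tail) return -1;              /* table full, nothing removed */
            *tail = (struct area){ e, a->end, 1 };
            a->end = s;
        } else if (a->start >= s && a->end <= e) a->used = 0;
        else if (a->start < s) a->end = s;
        else a->start = e;
    }
    return 0;
}

/* Move an area. check_ret == 0 models the bug: the unmap result is ignored. */
static int area_move(struct area *a, unsigned long dst, int check_ret) {
    unsigned long len = a->end - a->start;
    int rc = area_unmap(dst, dst + len);
    if (check_ret && rc != 0) return -1;       /* hardened: abort, area stays put */
    a->start = dst; a->end = dst + len;
    return 0;
}

/* Fill the table, move area 0 into the middle of area 3, count overlaps. */
static int demo(int check_ret) {
    struct area init[MAX_AREAS] = { {0x1000, 0x2000, 1}, {0x3000, 0x4000, 1},
                                    {0x5000, 0x6000, 1}, {0x8000, 0xc000, 1} };
    int n = 0;
    for (int i = 0; i < MAX_AREAS; i++) tbl[i] = init[i];
    area_move(&tbl[0], 0x9000, check_ret);
    for (int i = 0; i < MAX_AREAS; i++)
        for (int j = i + 1; j < MAX_AREAS; j++)
            n += tbl[i].used && tbl[j].used &&
                 tbl[i].start < tbl[j].end && tbl[j].start < tbl[i].end;
    return n;
}

int main(void) {
    printf("unchecked: %d overlap(s), checked: %d\n", demo(0), demo(1));
}
```

With the return value ignored, the table ends up holding two areas that cover the same addresses, which breaks the invariant the rest of a memory manager relies on; the checked path fails the move and leaves the table unchanged.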
