"There is a security hole in all versions of linux-2.6 distributed by Debian, including Etch's kernel." This is taken from above Debian bugzilla. I confirm it on: - vanilla 2.6.24.1 - gentoo-sources 2.6.24 both on x86_64. I failed to confirm on vanilla 2.6.23.8 on i586. Reproducible: Always Steps to Reproduce: 1.use 2.the exploit 3. included in Debian report! If it disappears for some reasons I can send it to you. Actual Results: System took over by local user. Expected Results: Total disaster. I'm waiting for a patch, any local user accounts should be disabled.
*** This bug has been marked as a duplicate of bug 209460 ***