Comment 0 for bug 413656

Mike Green (mikey-badpenguins) wrote :

Binary package hint: linux-image-2.6.15-54-server

CVE Candidate is CVE-2009-2692



I ran the exploit on a fully updated dapper server installation and got root from a normal user account.

Mitigated, at least against this particular posted exploit, via creating /etc/modprobe.d/mitigate-2692:

install ppp_generic /bin/true
install pppoe /bin/true
install pppox /bin/true
install slhc /bin/true