Comment 39 for bug 413656

In , Jeroen (jeroen-redhat-bugs) wrote :

(In reply to comment #47)
>
> If this is a critical remote exploitable vulnerability, we will give it the
> highest priority to release a kernel update that addresses the issue.
>
> For this issue, it is a local privilege escalation vulnerability that can be
> mitigated. For customers who are unable to perform the mitigation steps, they
> can request a hotfix (unofficial but supported kernel that has this fix
> until we are ready to release one) from Red Hat Support.

The problem is that Apache is also a local user, so any server running Apache with PHP, Perl (or any other scripting language) just became a huge risk.

Any PHP script (like your random badly programmed Mambo/Joomla module) which has a remote file include exploit just became a very easy way into root access on almost every RHEL and Fedora server.

We've been upgrading 250 servers over the last 5 days with official .src.rpm's of the kernels with our own patched socket.c file in it. In that time we almost had 1 server compromised, so this exploit is certainly in the wild.
'Luckily' the server froze instead of dropping to a root shell.

- Jeroen Wunnink
(Sysadmin at a Dutch webhosting company)