Just a quickie note because I’m bored of relating the same data to everyone – there’s a Linux kernel exploit which seems to affect versions 2.6.17 to 2.6.24.1 and give root privs from any local user:

joel$ ./exploit
[..]
[+] mmap: 0xb7f29000 .. 0xb7f5b000
[+] root
root#

You can in some cases patch it live (!) but I’ve got at least two installations where I had to compile a new kernel.

There’s a patch at git.kernel.org, and you can test whether you’re vulnerable using milw0rm’s exploit proof-of-concept.
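
For a first pass across a lot of machines that doesn't involve running anything as a local user, you can compare the kernel release string against the range above. This is an added example, not part of the original note or of any kernel tooling; the function names are made up, and a version match only means "go and check", since vendor kernels often carry the fix without changing the base version number:

```shell
#!/bin/sh
# Added example: triage a kernel release string against the range given in
# the post (2.6.17 to 2.6.24.1). Function names here are illustrative.

# Exit status: 0 = inside the range, 1 = outside, 2 = unparsable string.
in_affected_range() {
    printf '%s\n' "$1" | awk -v lo="2.6.17" -v hi="2.6.24.1" '
        # Map the leading dotted-number part ("2.6.24" in
        # "2.6.24-16-generic") to one comparable integer; a missing
        # fourth component counts as 0.
        function key(s,    p) {
            if (!match(s, /^[0-9]+(\.[0-9]+)*/)) return -1
            split(substr(s, RSTART, RLENGTH), p, ".")
            return ((p[1] * 1000 + p[2]) * 1000 + p[3]) * 1000 + p[4]
        }
        {
            k = key($0)
            if (k < 0) exit 2
            exit ((k >= key(lo) && k <= key(hi)) ? 0 : 1)
        }'
}

# Print a one-line verdict for a release string; always returns 0.
report() {
    rc=0
    in_affected_range "$1" || rc=$?
    case $rc in
        0) echo "$1: inside 2.6.17 to 2.6.24.1, check that the fix is applied" ;;
        1) echo "$1: outside 2.6.17 to 2.6.24.1" ;;
        *) echo "$1: could not parse kernel release" ;;
    esac
}

# Check the release passed as the first argument, or the running kernel.
report "${1:-$(uname -r)}"
```

Pass a release string as the first argument to check a value collected from another host instead of the local `uname -r`.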