![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Most folks who care have probably heard about this Linux kernel vulnerability by now. And a lot of people out there are probably thinking, "Ah, but it's a local exploit, I'm safe as long as I don't give access to anyone I don't trust." Even securitywire says, "It may not be remotely exploitable, but [...]"
But remember, what this means is that now, a remote attacker doesn't have to get a privileged shell. All they have to do is get a shell ... any shell ... with the ability to (via one route or another) place a compiled copy of the exploit code in, say, /tmp and execute it. To quote Mari Nichols of SANS,
"I believe Secunia has correctly identified this vulnerability as a local system vulnerability, but given that every server with a vulnerable kernel can be exploited to get elevated privilege, any unprivileged remote exploit can combine with it to form a remote root-level exploit."