If you keep up with news on the net, you’ve probably heard about the “new” Linux root exploit…and by new, I mean it’s been in every kernel since 2.4 came out.
Essentially, the problem is that in many cases, userland programs can map page zero, which is where null pointers go to die…or really, where they point to. Anyway, Chris Siebenmann has an excellent explanation of the problem that you should check out.
Incidentally, lots of distributions “fix” this by setting the minimum address that userland programs can grab. To find out what yours is, just cat /proc/sys/vm/mmap_min_addr:
/proc/sys/vm# cat mmap_min_addr 65536
No problem here. If it says “0”, you’re vulnerable to this exploit.