Brad Spengler, the developer behind the Grsecurity project, has published an exploit for a vulnerability in the Tun interface in Linux kernel 2.6.30 and 2.6.18, used in Red Hat Enterprise Linux 5 (RHEL5), which can be exploited by attackers to obtain root privileges. Of particular interest is the fact that the exploit is even able to circumvent security extensions such as SELinux. According to Spengler's report, the vulnerability is only found in these two versions of the kernel. The core of the problem is a normally non-exploitable null pointer dereference, which becomes exploitable due to the GCC's optimisation function.