Ok - turns out its a local only exploit: http://www.securityfocus.com/bid/18874/info it was actually discoved about a week ago, and patched kernels are available. It appears you can 'work around' this vuln. by specificying the dump location if you can't upgrade kernel. Steve