Finding exploit code
Finding more information regarding the exploit
http://packetstormsecurity.org/files/cve/[CVE]
http://www.vulnview.com/cve-details.php?cvename=[CVE]
(Quick) “Common” exploits. Warning. Pre-compiled binaries files. Use at your own risk
http://web.archive.org/web/20111118031158/http://tarantula.by.ru/localroot/
http://www.kecepatan.66ghz.com/file/local-root-exploit-priv9/
Mitigations
Is any of the above information easy to find?
Try doing it! Setup a cron job which automates script(s) and/or 3rd party products
Is the system fully patched?
Kernel, operating system, all applications, their plugins and web services
apt-get update && apt-get upgrade
yum update
Are services running with the minimum level of privileges required?
For example, do you need to run MySQL as root?
Scripts Can any of this be automated?!
http://pentestmonkey.net/tools/unix-privesc-check/
http://labs.portcullis.co.uk/application/enum4linux/
http://bastille-linux.sourceforge.net
Other (quick) guides & Links
Enumeration
http://www.0daysecurity.com/penetration-testing/enumeration.html
http://www.microloft.co.uk/hacking/hacking3.htm
Misc
http://pentest.cryptocity.net/files/operations/2009/post_exploitation_fall09.pdf