Archive for September, 2010
Linux Kernel x86 64-bit 0day Exploit
by bats on Sep.20, 2010, under Exploits, Linux
This exploit is real and it’s been in circulation for 2 years now. RHEL should have a patched kernel available early this week. Details are here.
https://access.redhat.com/kb/docs/DOC-40265.
The exploit is here, but it has a backdoor which can’t be cleared without a reboot. I’d advise not to run this code unless you want to reboot afterwords to clear out the in-memory backdoor.
http://seclists.org/fulldisclosure/2010/Sep/att-268/ABftw_c.bin.
**Update**
Redhat has patched their kernel to protect against this exploit. The new kernel was released on 2010/09/21. The updated RHEL5 kernel is 2.6.18-194.11.4.el5.
