Linux Kernel x86 64-bit 0day Exploit
by bats on Sep.20, 2010, under Exploits, Linux
This exploit is real and it’s been in circulation for 2 years now. RHEL should have a patched kernel available early this week. Details are here.
https://access.redhat.com/kb/docs/DOC-40265.
The exploit is here, but it has a backdoor which can’t be cleared without a reboot. I’d advise not to run this code unless you want to reboot afterwards to clear out the in-memory backdoor.
http://seclists.org/fulldisclosure/2010/Sep/att-268/ABftw_c.bin.
**Update**
Red Hat has patched their kernel to protect against this exploit. The new kernel was released on 2010/09/21. The updated RHEL5 kernel is 2.6.18-194.11.4.el5.
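An added example, not from the original post or from Red Hat: a shell check that compares a running RHEL5/CentOS 5 kernel release with the fixed build named in the update. The function names and verdict strings are hypothetical, and it assumes the single fixed version given above is the only reference point.

```shell
#!/bin/sh
# Added example. FIXED is the RHEL5 build named in the post's update; the
# function names and verdict strings are hypothetical.
FIXED="2.6.18-194.11.4.el5"

# Print "older", "same" or "newer" for release $1 relative to release $2.
# The ".el5..." tail (el5, el5xen, el5PAE) is dropped, then the numeric
# fields are compared left to right; a missing field counts as 0.
compare_release() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/\.el5.*$/, "", a); sub(/\.el5.*$/, "", b)
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print "older"; exit }
            if (x[i] + 0 > y[i] + 0) { print "newer"; exit }
        }
        print "same"
    }'
}

# Classify a kernel release ($1, as from `uname -r`) and machine type
# ($2, as from `uname -m`) against the fixed build.
check_kernel() {
    case "$2" in
        x86_64) ;;
        *) echo "out-of-scope"; return 0 ;;   # post covers x86 64-bit only
    esac
    case "$1" in
        2.6.18-*.el5*) ;;
        *) echo "unknown"; return 0 ;;        # not an RHEL5/CentOS 5 kernel
    esac
    case "$(compare_release "$1" "$FIXED")" in
        older) echo "needs-update" ;;
        *)     echo "at-or-above-fixed" ;;
    esac
}

# Report on the running kernel.
echo "$(uname -r) $(uname -m): $(check_kernel "$(uname -r)" "$(uname -m)")"
```

`uname -r` reports the running kernel, so a host that installed the update but has not rebooted still shows the old release.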
September 20th, 2010 on 4:25 pm
You can detect if the exploit has been run on your RHEL/CentOS box using this tool. Run it as a non-root user.
http://www.ksplice.com/uptrack/cve-2010-3081
September 23rd, 2010 on 3:37 pm
Great post! I wish you could follow up to this topic!?
November 23rd, 2010 on 4:57 am
OS Backups shouldn’t be a pain. A reasonable backup cron will go for months!