Linux kernel exploit roots 64-bit machines

Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.

The exploit is particularly pernicious, as it can leave a backdoor on systems that have workarounds deployed, according to rebootless Linux security update company Ksplice. The stack pointer underflow weakness has been given a common vulnerability code of CVE-2010-3081.

"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this," said Ksplice chief executive Jeff Arnold in a blog post on Saturday.

Exploit code was made available on the Full Disclosure mailing list on Wednesday. Arnold said that the flaw was introduced into the Linux kernel in 2008 and involves every 64-bit Linux distribution.

"Essentially every distribution is affected, including RHEL, CentOS, Debian, Ubuntu, Parallels Virtuozzo Containers, OpenVZ, CloudLinux, and SuSE, among others," said Arnold.

Red Hat said in an advisory that it had patched its Red Hat Enterprise Linux (RHEL) software on Sunday.

The flaw was reported by security researcher Ben Hawkes on 7 September, and patched by Linux kernel developers on 14 September.

Security organisation Sans Institute said on Sunday that it recommended Linux administrators patch the kernel, and use Ksplice software to check machines for the problem.