Linux kernel exploit roots 64-bit machines

Summary: An exploit for the Linux kernel is being used in the wild to compromise an increasing number of machines, security organisations have warned.

TOPICS: Security

Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.

The exploit is particularly pernicious, as it can leave a backdoor on systems that have workarounds deployed, according to rebootless Linux security update company Ksplice. The stack pointer underflow weakness has been assigned the Common Vulnerabilities and Exposures identifier CVE-2010-3081.

"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this," said Ksplice chief executive Jeff Arnold in a blog post on Saturday.

Exploit code was made available on the Full Disclosure mailing list on Wednesday. Arnold said that the flaw was introduced into the Linux kernel in 2008 and involves every 64-bit Linux distribution.

"Essentially every distribution is affected, including RHEL, CentOS, Debian, Ubuntu, Parallels Virtuozzo Containers, OpenVZ, CloudLinux, and SuSE, among others," said Arnold.

Red Hat said in an advisory that it had patched its Red Hat Enterprise Linux (RHEL) software on Sunday.

The flaw was reported by security researcher Ben Hawkes on 7 September, and patched by Linux kernel developers on 14 September.

Security organisation SANS Institute said on Sunday that it recommended Linux administrators patch the kernel and use Ksplice software to check machines for the problem.

Tom Espiner

Talkback

9 comments
  • a correction: Red Hat didn't release a new kernel until early Tuesday morning. What was posted on Sunday was just a copy of the original source code patch file backported to apply to the RHEL 5 kernel posted in the bugzilla.
    tabbott
  • Thanks for your comment. I didn't say that Red Hat had released a new kernel, I said: "Red Hat said in an advisory that it had patched its Red Hat Enterprise Linux (RHEL) software on Sunday."

    Red Hat described their mitigation procedure, on Sunday, as a "patch"

    "Created patch with fix to the release kernel-2.6.18-194.11.3.el5," said Roberto Yokota 2010-09-19 18:08:26 EDT in the advisory.
    Tom Espiner
  • Microsoft should be quaking in their boots now that Linux is starting to get the attention of hackers. Still, I would not go back to Windows.
    ator1940
  • Which one would hackers rather target?

    Windows, an operating system with many home and other individual users, with relatively little valuable information to steal or destroy?

    Linux, the kernel behind many operating systems that collectively form the majority of the global server market, holding the bulk of sensitive personal data and the exploit of which could bring down an economy?
    aaaaqwer-23971049490632024899811755034209
  • @Delan Azabani: I think you'd better check the latest market share numbers in the server market...
    Cyrus_V2000
  • And btw. isn't the marketshare story the one Linux people always use to laugh at?
    Cyrus_V2000
  • I'm surprised that this vulnerability has been around since 2008. Usually with open source, fixes are done and over with by the time the news gets out.
    Chris_Clay
  • Just thinking... Open source means easier to create exploits as you can see the code. Linux is getting new customers from Unix users. Windows server have more than 60% of the market from recent stats (but do your own search).
    panoslondon1
  • "Microsoft should be quaking in their boots now that Linux is starting to get the attention of hackers."

    Funny I would have thought they would be laughing their tits off, oh dear I couldn't help that pun. :p
    CA-aba1d