Linux kernel exploit roots 64-bit machines

Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.

The exploit is particularly pernicious, as it can leave a backdoor on systems that have workarounds deployed, according to Ksplice, a company that provides rebootless Linux security updates. The stack pointer underflow weakness has been assigned the identifier CVE-2010-3081.

"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this," said Ksplice chief executive Jeff Arnold in a blog post on Saturday. Exploit code was made available on the Full Disclosure mailing list on Wednesday. Arnold said that the flaw was introduced into the Linux kernel in 2008 and involves every 64-bit Linux distribution.

For more of this story, read Linux kernel exploit roots 64-bit machines on ZDNet UK.

Tom Espiner

Talkback

127 comments
  • But I thought that apparmor was POLICING the kernel?

    So this should not be possible at all!

    Oh boy, someone's reputation is at stake here.
    honeymonster
    • Yes, yours!

      Oh, my bad, you don't have one.

      By the way, did you read this: "Exploit code was made available on the Full Disclosure mailing list on Wednesday.".

      See? Linux has nothing to hide!
      OS Reload
      • Any chance you can address his point instead of an ad hom?

        @OS Reload: Pretty please?

        [i]By the way, did you read this: "Exploit code was made available on the Full Disclosure mailing list on Wednesday.".

        See? Linux has nothing to hide![/i]

        And now you've added a strawman. I don't see anything in his post stating or implying Linux had anything to hide.
        ye
      • @ye: Yes, gladly!

        Apparmor protects you from software vulnerabilities not kernel vulnerabilities.

        Apparmor does not police the kernel, only software.

        I'm sure you already knew that. But that honey guy, hmm... He's completely clueless, as always.

        P.S. The only reason I didn't address his "point" is because he didn't have any point. Capice?
        OS Reload
      • Yes, we did. Including that "honey guy"

        @OS Reload: [i]I'm sure you already knew that. But that honey guy, hmm... He's completely clueless, as always.[/i]

        That "honey guy's" comment was a reflection of a certain Linux advocate.
        ye
      • @ye: Yes I know, I'm not dumb.

        Unfortunately that honey guy thwarted reality a bit by insinuating that Dietrich said that Apparmor polices the kernel, which is completely false.

        Seeing you side with dishonest people to be economical with the truth is new to me. You used to be honest, ye.

        And seeing you insinuate that somehow there's a point in honey guy's comment is completely disappointing.

        Careful who you partner with, ye, stay away from dishonest technically inept people who like to post on tech blogs, they are not your kind.
        OS Reload
      • Oh but he did.

        @OS Reload: [i]Unfortunately that honey guy thwarted reality a bit by insinuating that [b]Dietrich said that Apparmor polices the kernel[/b], which is completely false.[/i]
        ye
      • You are going to hate this

        @OS Reload
        You do realize the sad, sad story behind these latest Linux exploits? No?

        Get this: This bug has been known for a long time. Actually it was patched back in 2007. But the chaotic and inept Linux configuration management reintroduced the bug again.

        And this is far from the first time something like this happened. How can you trust an OS which repeatedly patches its many (many!) bugs only to see them reverted and then patched again?
        honeymonster
      • @ye: No he did NOT!

        I guess I'll have to rephrase what I wrote above. In the past you used to make an effort to look honest.

        As they say some appearances are illusory and can lead to error. You lead me to believe you were honest.

        Now I see how wrong I was.
        OS Reload
      • Yes, he did. Bury your head in the sand if you need to. Insult me if it help

        @OS Reload: That's what the bulk of these comments are about.
        ye
      • Where can I get the exploit code?

        Where can I get the exploit code?
        At http://www.seclists.org/fulldisclosure/2010/Sep/268 I found a link to ABftw_c.bin called ABftw.c
        What is that ? How do I use it? What will it do?
        ghooton
      • RE: Where can I get the exploit code?

        @ghooton

        It won't do anything now - the patch has already been released for the major distros... Unless the admins don't patch :)
        ~doolittle~
    • LOL!! Thanks for the laugh this morning! (nt)

      @honeymonster
      NonZealot
      • A sad joke is no laughing matter

        It's you who become the laughing matter by laughing.

        Apparmor does not do kernel policing. You're showing that you are as technically inept as that honey guy.
        OS Reload
      • Seeing you partnering with the technically inept got me wondering

        how much lower can you "climb?"
        OS Reload
    • RE: Linux kernel exploit roots 64-bit machines

      @honeymonster
      Great post! We were told all the time how this could not happen yet it did! I'm glad I didn't stake my reputation on linux.
      Loverock Davidson
      • Of course you didn't.

        @Loverock Davidson


        Isn't it obvious why?
        OS Reload
      • RE: I'm glad I didn't stake my reputation on linux.

        @Loverock Davidson

        I had a snarky retort for you, but on second thought, ..... never mind, it would be a waste of time.

        One could explain quantum physics to a `brick wall`, but the `brick wall` is incapable of comprehension. Sadly, I feel that metaphor applies to you also.
        fatman65535
      • why you are stoopid, Loverock Davidson...

        @Loverock Davidson

        Oh, but you know everything already. I needn't remind you this horrendous "flaw" was never exploited, but 24 million windows machines were exploited today alone.

        But I apologize, Linus Davidson, I bend to your superior $#1t; It stinks, mine doesn't. That makes you better. My bad.

        BTW Linus. I knew you needed to "blow off some steam" like Rush said the torturous prison guards in Iraq were "merely" doing, but I didn't realize you also held a majority share of McAfee AND Norton...!

        Well done. Crap on everyone at once, while you go on developing the safest most efficient OS a computer ever could wish for.

        You are pure genius, Linus.. er "Loverock Davidson." ;) Your secret is safe with me! =)
        pgit
      • RE: Linux kernel exploit roots 64-bit machines

        @Loverock Davidson OH GOD, HERE WE GO !!!!
        IT'S LOVEROCK THE APPLE MOLE BACK AGAIN.
        Steve__Jobs