Linux kernel exploit roots 64-bit machines

Tom Espiner ZDNet UK | September 22, 2010 8:38 AM PDT

Summary

Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.

The exploit is particularly pernicious, as it can leave a backdoor on systems that have workarounds deployed, according to rebootless Linux security update company Ksplice. The stack pointer underflow weakness has been assigned the identifier CVE-2010-3081.

"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this," said Ksplice chief executive Jeff Arnold in a blog post on Saturday. Exploit code was made available on the Full Disclosure mailing list on Wednesday. Arnold said that the flaw was introduced into the Linux kernel in 2008 and involves every 64-bit Linux distribution.

For more of this story, read Linux kernel exploit roots 64-bit machines on ZDNet UK.

127 Comments

So this should not be possible at all!

Oh boy, someone's reputation is at stake here.
0 Votes
+ -
Yes, yours!
OS Reload Updated - 22nd Sep 2010
Oh, my bad, you don't have one.

By the way, did you read this: "Exploit code was made available on the Full Disclosure mailing list on Wednesday.".

See? Linux has nothing to hide!
@OS Reload: Pretty please?

By the way, did you read this: "Exploit code was made available on the Full Disclosure mailing list on Wednesday.".

See? Linux has nothing to hide!


And now you've added a strawman. I don't see anything in his post stating or implying Linux had anything to hide.
0 Votes
+ -
@ye: Yes, gladly!
OS Reload Updated - 22nd Sep 2010
Apparmor protects you from software vulnerabilities not kernel vulnerabilities.

Apparmor does not police the kernel, only software.

I'm sure you already knew that. But that honey guy, hmm... He's completely clueless, as always.

P.S. The only reason I didn't address his "point" is because he didn't have any point. Capisce?
0 Votes
+ -
@OS Reload: I'm sure you already knew that. But that honey guy, hmm... He's completely clueless, as always.

That "honey guy's" comment was a reflection of a certain Linux advocate.
0 Votes
+ -
@ye: Yes I know, I'm not dumb.
OS Reload Updated - 22nd Sep 2010
Unfortunately that honey guy thwarted reality a bit by insinuating that Dietrich said that Apparmor polices the kernel, which is completely false.

Seeing you side with dishonest people to be economical with the truth is new to me. You used to be honest, ye.


And seeing you insinuate that somehow there's a point in honey guy's comment is completely disappointing.

Careful who you partner with, ye, stay away from dishonest technically inept people who like to post on tech blogs, they are not your kind.
0 Votes
+ -
Oh but he did.
ye 22nd Sep 2010
@OS Reload: Unfortunately that honey guy thwarted reality a bit by insinuating that Dietrich said that Apparmor polices the kernel, which is completely false.
0 Votes
+ -
You are going to hate this
honeymonster 22nd Sep 2010
@OS Reload
You do realize the sad, sad story behind these latest Linux exploits? No?

Get this: This bug has been known for a long time. Actually it was patched back in 2007. But the chaotic and inept Linux configuration management reintroduced the bug again.

And this is far from the first time something like this happened. How can you trust an OS which repeatedly patches its many (many!) bugs only to see them reverted and then patched again?
0 Votes
+ -
@ye: No he did NOT!
OS Reload 22nd Sep 2010
I guess I'll have to rephrase what I wrote above. In the past you used to make an effort to look honest.

As they say some appearances are illusory and can lead to error. You lead me to believe you were honest.

Now I see how wrong I was.
@OS Reload: That's what the bulk of these comments are about.
0 Votes
+ -
Where can I get the exploit code?
ghooton 22nd Sep 2010
Where can I get the exploit code?
At http://www.seclists.org/fulldisclosure/2010/Sep/268 I found a link to ABftw_c.bin called ABftw.c
What is that? How do I use it? What will it do?
0 Votes
+ -
RE: Where can I get the exploit code?
~doolittle~ 24th Sep 2010
@ghooton

It won't do anything now - the patch has already been released for the major distros... Unless the admins don't patch happy
0 Votes
+ -
@honeymonster
0 Votes
+ -
A sad joke is no laughing matter
OS Reload Updated - 22nd Sep 2010
It's you who become the laughing matter by laughing.

Apparmor does not do kernel policing. You're showing that you are as technically inept as that honey guy.
0 Votes
+ -
how much lower can you "climb?"
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Loverock Davidson 22nd Sep 2010
@honeymonster
Great post! We were told all the time how this could not happen yet it did! I'm glad I didn't stake my reputation on linux.
0 Votes
+ -
Of course you didn't.
OS Reload 22nd Sep 2010
@Loverock Davidson


Isn't it obvious why?
0 Votes
+ -
@Loverock Davidson

I had a snarky retort for you, but on second thought, ..... never mind, it would be a waste of time.

One could explain quantum physics to a `brick wall`, but the `brick wall` is incapable of comprehension. Sadly, I feel that metaphor applies to you also.
0 Votes
+ -
@Loverock Davidson

Oh, but you know everything already. I needn't remind you this horrendous "flaw" was never exploited, but 24 million windows machines were exploited today alone.

But I apologize, Linus Davidson, I bend to your superior $#1t; It stinks, mine doesn't. That makes you better. My bad.

BTW Linus. I knew you needed to "blow off some steam" like Rush said the torturous prison guards in Iraq were "merely" doing, but I didn't realize you also held a majority share of McAfee AND Norton...!

Well done. Crap on everyone at once, while you go on developing the safest most efficient OS a computer ever could wish for.

You are pure genius, Linus.. er "Loverock Davidson." wink Your secret is safe with me! =)
0 Votes
+ -
@Loverock Davidson OH GOD, HERE WE GO !!!!
IT'S LOVEROCK THE APPLE MOLE BACK AGAIN.
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Nobu_z Updated - 24th Sep 2010
@Loverock Davidson 7

I'd be careful not to assume that someone else was told the same thing that you were told, and even more, take everything you're told with a grain of salt. Check things for factuality (on reputable, reliable sites) before taking them as fact, and still with a grain of salt (As my Civics teacher once told me, believe none of what you hear, and only half of what you see. wink ). Most importantly, don't go parading every false statement you ever hear as being false; others have likely already figured it out, so it just goes to make you look childish.
0 Votes
+ -
but that's something we've seen you been pretty much every time you post.

Are you DTS in disguise? You seem pretty upset that people are picking him apart so easily.

Face it OS Reload, you're on the same sinking ship as him, time to cut your losses and admit that you're as upset about this as he probably is.

Now go wipe that egg off your face, you look ridiculous...
0 Votes
+ -
local escalation of privileges...
SpikeyMike Updated - 23rd Sep 2010
@John Zern

How does a local exploit create a sinking ship?


From Suse:
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

"kernel
Vulnerabilities in the kernel were found that allow local users to gain root privileges on 64bit systems. Updates for all supported distributions are in the works (CVE-2010-3301, CVE-2010-3081)."


Just curious as I'm having trouble coming up with a reason and I'd like to hear your perspective.
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
ryanstrassburg 22nd Sep 2010
@honeymonster
The only GOOD NEWS for Linux users is most are too cheap to fork over the cash for 64Bit hardware.
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
unclefixer@... 22nd Sep 2010
@ryanstrassburg Damn Skippy! happy Seriously, you're right on the money there! At least speaking for myself... I am an enthusiastic Linux user, also possibly one of the CHEAPEST beings on the planet! In this case, that turned out to be a good thing!
www.dfwsupergeek.com
0 Votes
+ -
Doesn't even make sense
garethmcc 23rd Sep 2010
@ryanstrassburg Just using OSS doesn't make you cheap. Our company is specialised in setting up and maintaining Linux servers, some of which cost over $1 million. Our "cheapest" server we currently run is around $20 000 and when there haven't been any PEBCAK (Problem Exists Between Chair and Keyboard) issues have all been running flawlessly for years!
0 Votes
+ -
AMD?
SpikeyMike 23rd Sep 2010
@ryanstrassburg

I guess you don't realize that AMD is the better technology.

Intel and Windows = Wintel. AMD and Linux = Best ! for $.
0 Votes
+ -
Care to tell us who the "attackers" were?
OS Reload Updated - 22nd Sep 2010
More to the point: how many users were hurt and how much?
0 Votes
+ -
Anyone?
OS Reload 22nd Sep 2010
May I assume no Linux user got hurt?
and they do strike often and hard as most windows users can attest.

So I'm wondering, what makes Linux different?

Is it the freedom?

Is it the full disclosure?

What is it that is protecting Linux users from those cybercrime syndicates? Do they prefer Windows users because their technical illiteracy makes them easy prey?

Anyone?
0 Votes
+ -
@OS Reload

What makes Linux different.

1) Market share
2) Technical savvy of people who run Linux
3) People who run Linux, on the desktop anyway, usually don't easily part with money and would never pay for Anti-Virus Defender 2011.

Now you perhaps see that as an insult to people who use Windows. I personally find that amusing. Have I ever fallen victim to a phishing or socially engineered attack? No. Would I on Linux or Mac? Very unlikely. The people who agree to install software blindly on Windows would do so on any other OS. There is nothing about the OS that protects them. Well over 90% of Windows "threats" fall into those two categories, and all rely on user error. A direct kernel exploit does not.

If Linux had 90%+ market share then yes, this vulnerability would have wreaked havoc and I wonder how you can imply otherwise unless you make these statements to incite flame wars.
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
ryanstrassburg Updated - 22nd Sep 2010
@OS Reload
"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability"... They were not specific. But it is also worth noting, and is also noted to us Windows folk all too often, most WEB SERVERS are hosted on Linux, not Windows.... So most of the web has this vulnerability, not the desktops this time.
0 Votes
+ -
@OS Reload

So you're saying there's no need to apply the patch then.
0 Votes
+ -
Nope
OS Reload 22nd Sep 2010
@herry.k

I'm just saying there's something here that's quite different from windows. I still couldn't figure what it is.

Wanna give me a hand?
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Loverock Davidson 22nd Sep 2010
LOL!!! HAHAHAHHAHAAHHAA!!! OMG THIS IS HILARIOUS!!!!
@Loverock Davidson
Where can I sign up?
0 Votes
+ -
@ericesque And Windows has had big gaping exploits for longer than that. That's the value of closed source apparently
0 Votes
+ -
.Net, Flash, Adobe Reader ???
SonofaSailor Updated - 22nd Sep 2010
@Loverock Davidson

Windows' boxes have had a busy week too...shouldn't you be patching instead of laughing?
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Loverock Davidson 22nd Sep 2010
@SonofaSailor
Has nothing to do with this article. Nice deflection LOL!!!
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Viva la crank dodo 22nd Sep 2010
@Loverock
It has to do with your posts though. Quit pretending that you get to set rules for discussions just because it exposes your hypocrisy or ignorance.
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
ryanstrassburg 22nd Sep 2010
@SonofaSailor
Nice comeback... Or better yet, don't come back. haha
0 Votes
+ -
@ryanstrassburg
SonofaSailor Updated - 22nd Sep 2010
Hasn't Loverock told you not to talk while your mouth is full?
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Loverock Davidson 22nd Sep 2010
I can't stop laughing about this!! Wait wait wait, nope I gotta continue laughing LOLOLLOL!!!
0 Votes
+ -
You'll stop laughing some patch tuesday
OS Reload Updated - 22nd Sep 2010
do you get it? Patch tuesday, some months from now?

P.S. Zdnet comment system is absolutely fabulous, a new post added with each edit. Fantastic.
0 Votes
+ -
You'll stop laughing some patch tuesday
OS Reload 22nd Sep 2010
do you get it? A Patch tuesday, some months from now?

This IS Wednesday and yet "Exploit code was made available on the Full Disclosure mailing list on Wednesday."

We don't have to wait for some stinky patch tuesday sometime in the future, we'll have our patches shortly.
0 Votes
+ -
Neither do Windows users.
ye 22nd Sep 2010
@OS Reload: We don't have to wait for some stinky patch tuesday sometime in the future, we'll have our patches shortly.

Microsoft can, and has, released out-of-cycle patches.
0 Votes
+ -
You'll stop laughing some patch tuesday
OS Reload 22nd Sep 2010
do you get it? A Patch tuesday, some months from now?

This IS Wednesday and yet "Exploit code was made available on the Full Disclosure mailing list on Wednesday."

We don't have to wait for some stinky patch tuesday sometime in the future, we'll have our patches shortly.

Meanwhile enjoy some good reading, it's about the windows cloud. Excellent stuff, don't miss it.
0 Votes
+ -
RE: Linux kernel exploit roots 64-bit machines
Loverock Davidson Updated - 22nd Sep 2010
@OS Reload
So you need to download the source compile it, and then reboot your computer every day instead of just once a month during a scheduled maintenance window? Wow. Then linux is in a lot worse shape than I thought and another reason for me not to use it.
0 Votes
+ -
@Loverock Nope. The package manager will automatically spot that an update to the kernel is available, download it, install it and then, the only time that a Linux machine needs it for kernel updates, prompt to reboot. No source or compilation. I wish you would wake up and realise that source compilation is not a prerequisite to use Linux. I have been using it for two years on my desktop and never once had to compile code.

Oh, nearly forgot. Ala Mr Foxworthy, "Here's your sign!"
0 Votes
+ -
@Loverock Davidson
Let's check the score card:
Number of Linux malware in the wild: 2
Number of Windows malware in the wild: 2,000,000

I think I'll hold off on pressing the panic button for a while.
