Linux kernel exploit roots 64-bit machines
Summary: Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.
Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.
The exploit is particularly pernicious, as it can leave a backdoor on systems that have workarounds deployed, according to rebootless Linux security update company Ksplice. The stack pointer underflow weakness has been given a common vulnerability code of CVE-2010-3081.
"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this," said Ksplice chief executive Jeff Arnold in a blog post on Saturday. Exploit code was made available on the Full Disclosure mailing list on Wednesday. Arnold said that the flaw was introduced into the Linux kernel in 2008 and involves every 64-bit Linux distribution.
For more of this story, read Linux kernel exploit roots 64-bit machines on ZDNet UK.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
But I thought that apparmor was POLICING the kernel?
Oh boy, someones reputation is at stake here.
Yes, yours!
By the way, did you read this: "Exploit code was made available on the Full Disclosure mailing list on Wednesday.".
See? Linux has nothing to hide!
Any chance you can address his point instead of an ad hom?
[i]By the way, did you read this: "Exploit code was made available on the Full Disclosure mailing list on Wednesday.".
See? Linux has nothing to hide![/i]
And now you've added a strawman. I don't see anything in his post stating or implying Linux had anything to hide.
@ye: Yes, gladly!
P.S. The only reason I didn't address his "point" is because he didn't have any point. Capice?
Yes, we did. Including that "honey guy"
That "honey guys" comment were a reflection of certain Linux advocate.
@ye: Yes I know, I'm not dumb.
Seeing you side with dishonest people to be economical with the truth is new to me. You used to be honest, ye.
<br><br>And seeing you insinuate that somehow there's a point in honey guy's comment is completely disappointing.<br><br>Careful who you partner with, ye, stay away from dishonest technically inept people who like to post on tech blogs, they are not your kind.
Oh but he did.
You are going to hate this
You do realize the sad, sad story behind these latest Linux exploits? No?
Get this: This bug has been known for a long time. Actually it was patched <i>back in 2007</i>. But the chaotic and inept Linux configuration management <u>reintroduced</u> the bug again.
And this is far from the first time something like this happened. How can you trust an OS which repeatedly patches its many (many!) bugs only to see them reverted and then patched again?
@ye: No he dit NOT!
As they say some appearances are illusory and can lead to error. You lead me to believe you were honest.
Now I see how wrong I was.
Yes, he did. Bury your head in the and if you need to. Insult me if it help
Where can I get the exploit code?
At http://www.seclists.org/fulldisclosure/2010/Sep/268 I found a link to ABftw_c.bin called ABftw.c
What is that ? How do I use it? What will it do?
RE: Where can I get the exploit code?
It won't do anything now - the patch has already been released for the major distros... Unless the admin's don't patch :)
LOL!! Thanks for the laugh this morning! (nt)
A sad joke is no laughing matter
Seeing you partnering with the technically inept got me wondering
RE: Linux kernel exploit roots 64-bit machines
Great post! We were told all the time how this could not happen yet it did! I'm glad I didn't stake my reputation on linux.
Of course you didn't.
Isn't it obvious why?
RE: I'm glad I didn't stake my reputation on linux.
I had a snarky retort for you, but on second thought, ..... never mind, it would be a waste of time.
One could explain quantum physics to a `brick wall`, but the `brick wall` is incapable of comprehension. Sadly, I feel that metaphor applies to you also.
why you are stoopid, Loverock Davidson...
Oh, but you know everything already. I needn't remind you this horrendous "flaw" was never exploited, but 24 million windows machines were exploited today alone.
But I apologize, Linus Davidson, I bend to your superior $#1t; It stinks, mine doesn't. That makes you better. My bad.
BTW Linus. I knew you needed to "blow off some steam" like Rush said the torturous prison guards in Iraq were "merely" doing, but I didn't realize you also held a majority share of McAfee AND Norton...!
Well done. Crap on everyone at once, while you go on developing the safest most efficient OS a computer ever could wish for.
You are pure genius, Linus.. er "Loverock Davidson." ;) Your secret is safe with me! =)
RE: Linux kernel exploit roots 64-bit machines
IT'S LOVEROCK THE APPLE MOLE BACK AGAIN.