Attackers have used a freely available exploit to target a number of 64-bit Linux machines, according to a Linux patch management software firm.
The exploit is particularly pernicious, as it can leave a backdoor on systems that have workarounds deployed, according to rebootless Linux security update company Ksplice. The stack pointer underflow weakness has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2010-3081.
"In the last day, we've received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this," said Ksplice chief executive Jeff Arnold in a blog post on Saturday. Exploit code was made available on the Full Disclosure mailing list on Wednesday. Arnold said that the flaw was introduced into the Linux kernel in 2008 and affects every 64-bit Linux distribution.
For more of this story, read "Linux kernel exploit roots 64-bit machines" on ZDNet UK.