Slashdot Mirror


Linux Kernel Exploit Busily Rooting 64-Bit Machines

An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and 'Ac1db1tch3z' (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a 'rebootless' version of the patch."

19 of 488 comments

  1. Hmmm... by Anonymous Coward · · Score: 1, Funny

    First root! Oh crap...

  2. Re:Is Slashdot advertising now? by clang_jangle · · Score: 4, Funny

    Because the article is alarmist bs? You are probably NOT being rooted even as you read this.

    ***Ding ding ding***

    We have a winner -- Don Pardot, tell Ms. Hudson what she's won!

    --
    Caveat Utilitor

  3. Re:Scriptkiddies these days by socceroos · · Score: 2, Funny

    Speaking from the grave I see, Mr. 979059. =D

  4. Re:Scriptkiddies these days by smash · · Score: 4, Funny

    quiet, children.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.

  5. Re:Scriptkiddies these days by Pseudonym Authority · · Score: 2, Funny

    I used to have a 4 digit UID, but it was stolen by Ac1db1tch3z.

  6. Re:Need help patching/checking by larry bagina · · Score: 3, Funny

    post your ip address and root password and I'll check it for you.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  7. Re:Scriptkiddies these days by socceroos · · Score: 4, Funny

    Guys, come look, it's Abraham!

  8. Re:Not running it... by Mr Thinly Sliced · · Score: 3, Funny

    Looks like a poor man's attempt at humour.

    I'd say from looking at it those were a bunch of sensible #defines before the code was released and in a fit of humour said author thought it would be funny to do a find and replace on the original ALL_CAPS_SENSIBLE_NAMES.

    It just looks cheap, if you ask me.

    Now back in my University days we had to implement the producers consumer problem in lisp and whilst I don't have the code to hand I do remember that I came up with the poem the code was going to say _before_ I wrote the code that solved the producers consumers assignment....

    The only thing that still sticks in my head is the first line:

    (hold_your (trousers) (lovelytrousers))

    Yes, the queue was a pair of trousers, and the widgets were sausages.

    Was fascinating, I tell you. And totally high class.

  9. Re:Not running it... by The_mad_linguist · · Score: 4, Funny

    This is all really transparent.

    You obviously get __yyrhdgdtfs66ytgetrfd to turn into __yyy_tegdtfsre by the addition of a reverse polish goto callback, an obscure function performed by overloading TMAGIC_66TDFDRTS and calling it every clock cycle.

    Using PREPARE_GGDTSGFSRFSD and OVERRIDE_GGDTSGFSRFSD is standard procedure when dealing with credentials that are formatted in octal precision trinary floating point, and reverting them via REVERT_DHDGTRRTEFDTD is a result of taking GGDTSGFSRFSD and applying the ')(' operator.

    And, of course, any competent CS professional who passed his first freshman year introductory course knows that gggdfstsgdt_dddex is the result of your cat walking across the keyboard.

  10. Re:Scriptkiddies these days by caferace · · Score: 5, Funny

    no, you.

  11. Re:Need help patching/checking by nacturation · · Score: 4, Funny

    post your ip address and root password and I'll check it for you.

    127.0.0.1
    hunter2

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.

  12. Re:Scriptkiddies these days by Runaway1956 · · Score: 2, Funny

    Someone woke Methuselah - now there will be hell to pay!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br

  13. My own Computer - Dude! by spineboy · · Score: 2, Funny

    Dude! - I am SO going to root my very own computer!

    --
    ..........FULL STOP.

  14. Re:But wait by TheRaven64 · · Score: 4, Funny

    No, Apple devices do not have security vulnerabilities to exploit. They do sometimes have remote-user-friendly jailbreaks, but that's an entirely different thing.

    --
    I am TheRaven on Soylent News

  15. Re:Bad Publicity... by buchner.johannes · · Score: 2, Funny

    Obviously both copied from SCO. Namely their 64 bit code.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.

  16. Re:poorly described by buchner.johannes · · Score: 2, Funny

    Function names like wtfyourunhere_heee, p4tch_sel1nux_codztegfaddczda and datatypes like __yyrhdgdtfs66ytgetrfd as well as hex-code don't make the code look less suspicious.
    I can't be sure that the rootkit (or a different one) is not in there.

    You are a dummy for downloading from a http website without a checksum. No thank you.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.

  17. LOL by boxwood · · Score: 2, Funny

    did anyone check the source code for that diagnose command?

    static void put_your_hands_up_hooker(int argc, char *argv[])

    WTF?

  18. Re:But wait by Lumpy · · Score: 2, Funny

    I agree, the web browser is highly insecure. Anyone that cares about security will not run one.

    --
    Do not look at laser with remaining good eye.

  19. Re:But wait by CarpetShark · · Score: 2, Funny

    What part of Web *BROWSER* did you not understand?

    IE's rendering engine? ;)