Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Kernel Exploit Busily Rooting 64-Bit Machines

Posted by timothy on from the get-your-patch-on dept.

An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and 'Ac1db1tch3z' (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a 'rebootless' version of the patch."

2 of 488 comments (clear)

  1. Re:Is Slashdot advertising now? by tomhudson · · Score: 5, Interesting

    Because the article is alarmist bs? You are probably NOT being rooted even as you read this. Every ksplice story slashdot has carried has turned out to be no big deal. I'm going to ignore it, based on their previous performance.

  2. Re:Bad Publicity... by marcansoft · · Score: 5, Interesting

    Microsoft already felt the pain, because the Xbox 360 hypervisor got owned by the same exact hole . It would almost be the same instruction-by-instruction identical bug were it not for the fact that the 360 is a PowerPC system and this is an x86_64 hole. Yes, they, too, used a 32-bit compare to check the system call humber, then indexed into the array using the full 64 bits, exactly the same bug that caused this Linux hole.