Speedy Attack Targets Web Servers With Outdated Linux Kernels

alphadogg writes "Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, according to Cisco Systems. All the affected servers were running the 2.6 version, first released in December 2003. 'When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied,' Cisco said. After the Web server has been compromised, the attackers slip in a line of JavaScript to other JavaScript files within the website. That code bounces the website's visitors to a second compromised host. 'The two-stage process allows attackers to serve up a variety of malicious content to the visitor,' according to Cisco."

Re:No Details

[wolrahnaes]

Yeah, the article is extremely uninformative. They say 2.6 and yet RHEL/CENTOS 6.5 are 2.6... so that meaning nothing as far as being "old" or "outdated".

Well it sort of does. RHEL is intentionally outdated because that's what their market wants. It's stupid, I know, but there are a lot of people out there who still really want a world where software never updates so the hacked together shit that runs their business can keep running rather than doing it right.