Published on: September 17, 2010 by George K.
Scenario:
A continuation of the previous exploits. http://isec.pl/vulnerabilities/isec-0025-syscall-emulation.txt
Full Disclosure here – http://seclists.org/fulldisclosure/2010/Sep/268 & mitigation at http://seclists.org/fulldisclosure/2010/Sep/273
Details about the 0 day exploit and how to test whether your system is exploitable or not. However no need to get panicked as this particular exploit was with l33t hackers for last 2 years as you can see at the above link. Now since it is public now, take an extra care if uname -m gives you a x86_64.
Two CVE candidates are there – CVE-2010-3081 and CVE-2010-3301. One will affect the server and other don’t.
Temporary solution would be to follow https://access.redhat.com/kb/docs/DOC-40265
Category : General, Linux, Security
Add new commentSIGN IN