Canadian Web Hosting Blog and News
12Feb/080

Local Root Exploit in Multiple Versions of Linux Kernels

All security websites are reporting that there is a script that will allow non-root users with ssh2 access to obtain full access to the system.

http://www.securityfocus.com/bid/27704/info

http://it.slashdot.org/it/08/02/10/2011257.shtml

All our servers were patched this morning and restarted. According to Redhat bugzilla, it only affected servers running Redhat 5. Servers on Redhat 4 were not affected.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0600

This is considered a very severe exploit.

If you have other servers and want to check if you're vulnerable, do the following in shell:

grep -ri vmsplice /boot/System.map-$(uname -r)

if it returns nothing = not vulnerable
if it returns something like: c048fdf7 T sys_vmsplice = vulnerable

 

Kevin Liang
CTO / SEO Guru
Canadian Web Hosting
http://www.canadianwebhosting.com/

Filed under: Web Hosting No Comments