
Speedy Attack Targets Web Servers With Outdated Linux Kernels

Posted by Soulskill
from the update-your-junk dept.
alphadogg writes "Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, according to Cisco Systems. All the affected servers were running the 2.6 version, first released in December 2003. 'When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied,' Cisco said. After the Web server has been compromised, the attackers slip in a line of JavaScript to other JavaScript files within the website. That code bounces the website's visitors to a second compromised host. 'The two-stage process allows attackers to serve up a variety of malicious content to the visitor,' according to Cisco."

  • by Nimey (114278) on Friday March 21, 2014 @03:29PM (#46546025) Homepage Journal

    All the affected servers were running the 2.6 version, first released in December 2003.

    Not even wrong. I guarandamntee you that none of the affected computers were actually running 2.6.0, and it wouldn't have been /that/ long ago that such an obviously stupid and ill-researched claim wouldn't have been posted.

    Soulskill, you /do/ understand that there were forty different versions of Linux in the 2.6 series, do you not? You do understand that the final 2.6 release was in August 2011 and it was numbered, which I know because I did 5 minutes of basic Googling?

  • Re:where's the door? (Score:5, Informative)

    by Anonymous Coward on Friday March 21, 2014 @03:29PM (#46546031)

    I think it's pretty unfair to refer to kernel 2.6; subversions of 2.6 were in use in one form or another from 2003 to 2011. 3.0 was brought about because Linus randomly decided to up the version number one day, not because of any single significant change. Plenty of old distros that still have security support are running 2.6 kernels that are regularly patched and completely up to date security-wise.

  • by Penguinisto (415985) on Friday March 21, 2014 @04:54PM (#46546649) Journal

    It gets worse (or IMHO, less competent):

    Author Comment FTFA (bottom of page - emphasis mine):

    "We haven’t identified the initial attack vector. We have no reason to suspect that the attack isn’t via http. I’d be very interested to hear from any affected sys admins if they identify how the attackers gain access."

    In other words, they don't even know if it's the effing kernel at this point - all they know is that 2,000 some-odd websites have been bit, and they all use the absolute most common kernel version for webservers on the planet (2.6.x).

    Hell, for all we know it could be some commonly-shared crappy PHP script getting popped. :/
