Speedy Attack Targets Web Servers With Outdated Linux Kernels

alphadogg writes "Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, according to Cisco Systems. All the affected servers were running the 2.6 version, first released in December 2003. 'When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied,' Cisco said. After the Web server has been compromised, the attackers slip in a line of JavaScript to other JavaScript files within the website. That code bounces the website's visitors to a second compromised host. 'The two-stage process allows attackers to serve up a variety of malicious content to the visitor,' according to Cisco."

Re:where's the door?

[hermitdev]

While it is supported, and RH claims backwards compatibility, they do have an annoying habit of breaking things. I remember going from a point minor version of RHEL 5 (I think it was 5.5 to 5.6; it might have been an earlier release) to the next, and they broke the behavior of semaphores. In the prior version, a "sem_wait" would block until the semaphore was signaled, in the next version, it'd indicate errno EAGAIN. This was an unexpected change and required code changes for my company's apps at the time to busy wait when trying to acquire a semaphore.

Read the comments first.

[shipofgold]

The comments at the end of the CISCO article flush out the fact that they noticed a line of malicious javascript at the end of a large number of .js files but they have no idea how it got there.

In fact the list of JS files given include many that are not even running on Linux servers.

The author is irresponsible at best, and incompetent at worst...