Linux Kernel Exploit Busily Rooting 64-Bit Machines
An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and 'Ac1db1tch3z' (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a 'rebootless' version of the patch."
Hmmm... (Score:1, Funny)
First root! Oh crap...
Re:Is Slashdot advertising now? (Score:5, Funny)
***Ding ding ding***
We have a winner -- Don Pardot, tell Ms. Hudson what she's won!
Re:Scriptkiddies these days (Score:3, Funny)
Re:Scriptkiddies these days (Score:5, Funny)
Re:Scriptkiddies these days (Score:2, Funny)
Re:Need help patching/checking (Score:3, Funny)
post your ip address and root password and I'll check it for you.
Re:Scriptkiddies these days (Score:5, Funny)
Re:Not running it... (Score:3, Funny)
Looks like a poor man's attempt at humour.
I'd say from looking at it those were a bunch of sensible #defines before the code was released and in a fit of humour said author thought it would be funny to do a find and replace on the original ALL_CAPS_SENSIBLE_NAMES.
It just looks cheap, if you ask me.
Now back in my University days we had to implement the producers consumer problem in lisp and whilst I don't have the code to hand I do remember that I came up with the poem the code was going to say _before_ I wrote the code that solved the producers consumers assignment....
The only thing that still sticks in my head is the first line:
(hold_your (trousers) (lovelytrousers))
Yes, the queue was a pair of trousers, and the widgets were sausages.
Was fascinating, I tell you. And totally high class.
Re:Not running it... (Score:5, Funny)
This is all really transparent.
You obviously get __yyrhdgdtfs66ytgetrfd to turn into __yyy_tegdtfsre by the addition of a reverse polish goto callback, an obscure function performed by overloading TMAGIC_66TDFDRTS and calling it every clock cycle.
Using PREPARE_GGDTSGFSRFSD and OVERRIDE_GGDTSGFSRFSD is standard procedure when dealing with credentials that are formatted in octal precision trinary floating point, and reverting them via REVERT_DHDGTRRTEFDTD is a result of taking GGDTSGFSRFSD and applying the ')(' operator.
And, of course, any competent CS professional who passed his first freshman year introductory course knows that gggdfstsgdt_dddex is the result of your cat walking across the keyboard.
Re:Scriptkiddies these days (Score:5, Funny)
Re:Need help patching/checking (Score:5, Funny)
post your ip address and root password and I'll check it for you.
127.0.0.1
hunter2
Re:Scriptkiddies these days (Score:3, Funny)
My own Computer - Dude! (Score:3, Funny)
Dude! - I am SO going to root my very own computer!
Re:But wait (Score:5, Funny)
No, Apple devices do not have security vulnerabilities to exploit. They do sometimes have remote-user-friendly jailbreaks, but that's an entirely different thing.
Re:Bad Publicity... (Score:3, Funny)
Obviously both copied from SCO. Namely their 64 bit code.
Re:poorly described (Score:3, Funny)
Function names like wtfyourunhere_heee, p4tch_sel1nux_codztegfaddczda and datatypes like __yyrhdgdtfs66ytgetrfd as well as hex-code don't make the code look less suspicious.
I can't be sure that the rootkit (or a different one) is not in there.
You are a dummy for downloading from an HTTP website without a checksum. No thank you.
LOL (Score:3, Funny)
did anyone check the source code for that diagnose command?
static void put_your_hands_up_hooker(int argc, char *argv[])
WTF?
Re:But wait (Score:3, Funny)
I agree, the web browser is highly insecure. Anyone that cares about security will not run one.
Re:But wait (Score:3, Funny)
IE's rendering engine? ;)