Linux Kernel Exploit Busily Rooting 64-Bit Machines

Linux Kernel Exploit Busily Rooting 64-Bit Machines 488

Posted by timothy on Sunday September 19, 2010 @11:11PM from the get-your-patch-on dept.

An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and 'Ac1db1tch3z' (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a 'rebootless' version of the patch."

Linux Kernel Exploit Busily Rooting 64-Bit Machines

This discussion has been archived. No new comments can be posted.

Search 488 Comments Log In/Create an Account

Comments Filter:

Hmmm... (Score:1, Funny)

by Anonymous Coward writes: on Sunday September 19, 2010 @11:17PM (#33632024)

First root! Oh crap...

Re:Is Slashdot advertising now? (Score:5, Funny)

by clang_jangle ( 975789 ) writes: on Sunday September 19, 2010 @11:47PM (#33632246) Journal

Because the article is alarmist bs? You are probably NOT being rooted even as you read this.
***Ding ding ding***

We have a winner -- Don Pardot, tell Ms. Hudson what she's won!

Re:Scriptkiddies these days (Score:3, Funny)

by socceroos ( 1374367 ) writes: on Sunday September 19, 2010 @11:57PM (#33632308)

Speaking from the grave I see, Mr. 979059. =D

Re:Scriptkiddies these days (Score:5, Funny)

by smash ( 1351 ) writes: on Monday September 20, 2010 @12:01AM (#33632336) Homepage Journal

quiet, children.

Re:Scriptkiddies these days (Score:2, Funny)

by Pseudonym Authority ( 1591027 ) writes: on Monday September 20, 2010 @12:02AM (#33632348)

I used to have a 4 digit UID, but it was stolen by Ac1db1tch3z.

Re:Need help patching/checking (Score:3, Funny)

by larry bagina ( 561269 ) writes: on Monday September 20, 2010 @12:04AM (#33632358) Journal

post your ip address and root password and I'll check it for you.

Re:Scriptkiddies these days (Score:5, Funny)

by socceroos ( 1374367 ) writes: on Monday September 20, 2010 @12:06AM (#33632380)

Guys, come look, its Abraham!

Re:Not running it... (Score:3, Funny)

by Mr Thinly Sliced ( 73041 ) writes: on Monday September 20, 2010 @12:57AM (#33632630) Journal

Looks like a poor mans attempt at humour.
I'd say from looking at it those were a bunch of sensible #defines before the code was released and in a fit of humour said author thought it would be funny to do a find and replace on the original ALL_CAPS_SENSIBLE_NAMES.
It just looks cheap, if you ask me.
Now back in my University days we had to implement the producers consumer problem in lisp and whilst I don't have the code to hand I do remember that I came up with the poem the code was going to say _before_ I wrote the code that solved the producers consumers assignment....
The only thing that still sticks in my head is the first line:
(hold_your (trousers) (lovelytrousers))
Yes, the queue was a pair of trousers, and the widgets were sausages.
Was fascinating, I tell you. And totally high class.

Re:Not running it... (Score:5, Funny)

by The_mad_linguist ( 1019680 ) writes: on Monday September 20, 2010 @01:01AM (#33632644)

This is all really transparent.
You obviously get __yyrhdgdtfs66ytgetrfd to turn into __yyy_tegdtfsre by the addition of a reverse polish goto callback, an obscure function performed by overloading TMAGIC_66TDFDRTS and calling it every clock cycle.
Using PREPARE_GGDTSGFSRFSD and OVERRIDE_GGDTSGFSRFSD is standard procedure when dealing with credentials that are formatted in octal precision trinary floating point, and reverting them via REVERT_DHDGTRRTEFDTD is a result of taking GGDTSGFSRFSD and applying the ')(' operator.
And, of course, any competent CS professional who passed his first freshman year introductory course knows that gggdfstsgdt_dddex is the result of your cat walking across the keyboard.

Re:Scriptkiddies these days (Score:5, Funny)

by caferace ( 442 ) writes: on Monday September 20, 2010 @02:00AM (#33632828) Homepage

no, you.

Re:Need help patching/checking (Score:5, Funny)

by nacturation ( 646836 ) * writes: <nacturation AT gmail DOT com> on Monday September 20, 2010 @02:52AM (#33633016) Journal

post your ip address and root password and I'll check it for you.
127.0.0.1
hunter2

Re:Scriptkiddies these days (Score:3, Funny)

by Runaway1956 ( 1322357 ) writes: on Monday September 20, 2010 @03:09AM (#33633060) Homepage Journal

Someone woke Methuselah - now there will be hell to pay!

My own Computer - Dude! (Score:3, Funny)

by spineboy ( 22918 ) writes: on Monday September 20, 2010 @04:52AM (#33633336) Journal

Dude! - I am SO going to root my very own computer!

Re:But wait (Score:5, Funny)

by TheRaven64 ( 641858 ) writes: on Monday September 20, 2010 @04:59AM (#33633342) Journal

No, Apple devices do not have security vulnerabilities to exploit. They do sometimes have remote-user-friendly jailbreaks, but that's an entirely different thing.

Re:Bad Publicity... (Score:3, Funny)

by buchner.johannes ( 1139593 ) writes: on Monday September 20, 2010 @05:11AM (#33633388) Homepage Journal

Obviously both copied from SCO. Namely their 64 bit code.

Re:poorly described (Score:3, Funny)

by buchner.johannes ( 1139593 ) writes: on Monday September 20, 2010 @05:36AM (#33633522) Homepage Journal

Function names like wtfyourunhere_heee, p4tch_sel1nux_codztegfaddczda and datatypes like __yyrhdgdtfs66ytgetrfd as well as hex-code doesn't make the code look less suspicious.
I can't be sure that the rootkit (or a different one) is not in there.
You are a dummy for downloading from a http website without a checksum. No thank you.

LOL (Score:3, Funny)

by boxwood ( 1742976 ) writes: on Monday September 20, 2010 @07:44AM (#33634136)

did anyone check the source code for that diagnose command?
static void put_your_hands_up_hooker(int argc, char *argv[])
WTF?

Re:But wait (Score:3, Funny)

by Lumpy ( 12016 ) writes: on Monday September 20, 2010 @08:00AM (#33634230) Homepage

I agree, the web browser is highly insecure. Anyone that cares about security will not run one.

Re:But wait (Score:3, Funny)

by CarpetShark ( 865376 ) writes: on Monday September 20, 2010 @08:08AM (#33634270)

What part of Web *BROWSER* did you not understand?
IE's rendering engine? ;)

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Linux Kernel Exploit Busily Rooting 64-Bit Machines 488

Linux Kernel Exploit Busily Rooting 64-Bit Machines More Login

Linux Kernel Exploit Busily Rooting 64-Bit Machines

Hmmm... (Score:1, Funny)

Re:Is Slashdot advertising now? (Score:5, Funny)

Re:Scriptkiddies these days (Score:3, Funny)

Re:Scriptkiddies these days (Score:5, Funny)

Re:Scriptkiddies these days (Score:2, Funny)

Re:Need help patching/checking (Score:3, Funny)

Re:Scriptkiddies these days (Score:5, Funny)

Re:Not running it... (Score:3, Funny)

Re:Not running it... (Score:5, Funny)

Re:Scriptkiddies these days (Score:5, Funny)

Re:Need help patching/checking (Score:5, Funny)

Re:Scriptkiddies these days (Score:3, Funny)

My own Computer - Dude! (Score:3, Funny)

Re:But wait (Score:5, Funny)

Re:Bad Publicity... (Score:3, Funny)

Re:poorly described (Score:3, Funny)

LOL (Score:3, Funny)

Re:But wait (Score:3, Funny)

Re:But wait (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot