Linux Kernel: 64-bit Compatibility Mode Stack Pointer Underflow CVE-2010-3081

Linux Kernel: 64-bit Compatibility Mode Stack Pointer Underflow CVE-2010-3081

Both RH4 and RH5 64-bit kernels are vulnerable

Patched kernels are:

   * RHEL4/CentOS4/SL4/SLC4: kernel-2.6.9-89.29.1

   * RHEL5/CentOS5/SL5/SLC5: kernel-2.6.18-194.11.4.el5

References

   * Does CVE-2010-3081 affect Red Hat Enterprise Linux?

   * RedHat Bug 634457

Linux Vendor Kernel Update RH5/SL5:

   * RedHat: RedHat Kernel Update to fix CVE-2010-3081
   
   * SL: SL Kernel Update to fix CVE-2010-3081
     
   * SLC: SLC Kernel Update to fix CVE-2010-3081
     
   * Debian: Debian Kernel Update to fix CVE-2010-3081

   * Ubuntu: Ubuntu Kernel Update to fix CVE-2010-3081

   * Fedora: Fedor Kernel Update to fix CVE-2010-3081

   * CentOS: CentOS announcement - Kernel Update to fix CVE-2010-3081

Linux Vendor Kernel Update RH4/SL4:

   * RedHat: RedHat4 Kernel Update to fix CVE-2010-3081
   * SL: SL4 Kernel Update to fix CVE-2010-3081

Other Information

   * ksplice tool for detecting the CVE-2010-3081 high-profile exploit
     note: it can only detect the backdoor left by the publicly circulated exploit. It is not a general tool for rootkit checking

   * Reporter - Ben Hawkes' Blog

   * The public exploit code posted at Full Disclosure mailing list
     Please note, this exploit will leave a non-persistent backdoor. A reboot should clean the backdoor!

   * Another public exploit code

   * Workaround for the public exploit at Full Disclosure mailing list

   * Informatin on how the workaround works

   * A claim that the above workaround DOES NOT PREVENT EXPLOIT