Linux Kernel: 64-bit Compatibility Mode Stack Pointer Underflow CVE-2010-3081
From GridPP Wiki
Contents
Linux Kernel: 64-bit Compatibility Mode Stack Pointer Underflow CVE-2010-3081
Both RH4 and RH5 64-bit kernels are vulnerable
Patched kernels are:
* RHEL4/CentOS4/SL4/SLC4: kernel-2.6.9-89.29.1
* RHEL5/CentOS5/SL5/SLC5: kernel-2.6.18-194.11.4.el5
References
* Does CVE-2010-3081 affect Red Hat Enterprise Linux?
* RedHat Bug 634457
Linux Vendor Kernel Update RH5/SL5:
* RedHat: RedHat Kernel Update to fix CVE-2010-3081 * SL: SL Kernel Update to fix CVE-2010-3081 * SLC: SLC Kernel Update to fix CVE-2010-3081 * Debian: Debian Kernel Update to fix CVE-2010-3081
* Ubuntu: Ubuntu Kernel Update to fix CVE-2010-3081
* Fedora: Fedor Kernel Update to fix CVE-2010-3081 * CentOS: CentOS announcement - Kernel Update to fix CVE-2010-3081
Linux Vendor Kernel Update RH4/SL4:
* RedHat: RedHat4 Kernel Update to fix CVE-2010-3081 * SL: SL4 Kernel Update to fix CVE-2010-3081
Other Information
* ksplice tool for detecting the CVE-2010-3081 high-profile exploit note: it can only detect the backdoor left by the publicly circulated exploit. It is not a general tool for rootkit checking
* Reporter - Ben Hawkes' Blog
* The public exploit code posted at Full Disclosure mailing list Please note, this exploit will leave a non-persistent backdoor. A reboot should clean the backdoor!
* Another public exploit code
* Workaround for the public exploit at Full Disclosure mailing list
* Informatin on how the workaround works
* A claim that the above workaround DOES NOT PREVENT EXPLOIT