Linux kernel exploit gives hackers a back door

Users of 64-bit distributions of Linux need to patch to prevent attacks using an aggressively exploited flaw.

Linux is well-known for its security advantages over many other operating systems, but that doesn't mean it's immune to problems.

A Linux kernel flaw first discovered earlier this month, for example, gives hackers a way to not just gain root privileges in 64-bit Linux operating systems but also to leave a "back door" open for further exploitation later.

CVE-2010-3081, as the high-profile vulnerability is known, affects virtually all users of 64-bit Linux distributions, including RHEL, CentOS, Debian, Ubuntu, CloudLinux, SuSE and more. It was introduced into the Linux kernel back in 2008, and a hacker by the name of 'Ac1db1tch3z' last week published details on exploiting it.

Essentially, the vulnerability stems from a problem with the way the Linux kernel validates memory ranges when allocating memory on behalf of 32-bit system calls. The result was that on a 64-bit system, a local attacker could perform malicious multicast "getsockopt" calls to gain root privileges.

The vulnerability is not a problem on 32-bit Linux systems, which are immune to this particular exploit.

Ineffective Workarounds

Since the exploit was made public, multiple major Linux installations have reported hack attempts that tried to use it to gain superuser privileges, according to security firm Ksplice. Several temporary workarounds were published shortly thereafter for RHEL and others, but they did not fully fix the vulnerability; rather, modified versions of the exploit could still be used to gain access later.

Ksplice on Saturday released a tool to help Linux users determine whether their machines have already been exploited by looking for the exploit's signature "back door." Users of compromised systems should follow their standard incident-handling procedures, Ksplice said.

To fix the problem on uncompromised systems, meanwhile, users can take advantage of a no-cost, 30-day trial on Ksplice's "Uptrack" service, which will fix the vulnerability on production systems for free without having to reboot.

The Linux kernel has already been patched, and many affected Linux distributions have also released fixes, including Ubuntu, Red Hat, Debian and CentOS.

Another Kernel Flaw

Coincidentally, a second and similar Linux exploit known as CVE-2010-3301 was also recently discovered and fixed last week in the Linux kernel. That problem derived from the fact that the registers on 64-bit kernels were not correctly filtered when performing 32-bit system calls on a 64-bit system. This, too, could also allow local attackers to gain root privileges.

Ubuntu's Friday update addressed the CVE-2010-3301 exploit as well. RHEL is immune to this particular problem, while developers at Fedora,Debian and other distributions are currently working on addressing it.

In the meantime, users can also consider using the chkrootkit tool to help find signs of tampering.

Follow Katherine Noyes on Twitter: @Noyesk.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags unixLinuxsecuritysoftwarenon-Windowsoperating systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Katherine Noyes

PC World (US online)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?