On Mon, 2010-09-20 at 09:08 -0400, Gary Gatling wrote: > > Will a new kernel be coming out soon to address CVE-2010-3081? > > Thanks, > > Gary Gatling | ITECS Systems
Gary, I was concerned about this until I read this: http://isc.sans.edu/diary.html?storyid=9574 I downloaded and ran the "diagnose-2010-3081" binary on my RHEL55 server and was relieved to see: $ ./diagnose-2010-3081 Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc. (see http://www.ksplice.com/uptrack/cve-2010-3081) $$$ Kernel release: 2.6.18-194.11.3.el5 $$$ Backdoor in LSM (1/3): checking...not present. $$$ Backdoor in timer_list_fops (2/3): not available. $$$ Backdoor in IDT (3/3): checking...not present. Your system is free from the backdoors that would be left in memory by the published exploit for CVE-2010-3081. I also ran it on my 64-bit F13 laptop and was similiarly relieved: $ ./diagnose-2010-3081 Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc. (see http://www.ksplice.com/uptrack/cve-2010-3081) $$$ Kernel release: 2.6.34.6-54.fc13.x86_64 !!! Could not find symbol: per_cpu__current_task A symbol required by the published exploit for CVE-2010-3081 is not provided by your kernel. The exploit would not work on your system. As long as you are up-to-date with the latest patches (and not the ones still in updates-testing), it appears you'll have nothing to worry about. --Doc Savage, CISSP Fairview Heights, IL _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
