Robert G. (Doc) Savage wrote:
On Tue, 2010-09-21 at 09:19 -0500, Robert G. (Doc) Savage wrote:
On Tue, 2010-09-21 at 08:18 -0400, Linda Wang wrote:
It is live on RHN as of late last night/early this morning:
RHSA-2010:0704.
Confirmed. I had to run 'yum update' twice for the kernel update to
appear, but it's there. Come 'n get it
Well... Maybe. I downloaded and installed the new kernel, then rebooted
and reran the Ksplice diagnostic:
$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice,
Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)
$$$ Kernel release: 2.6.18-194.11.4.el5
$$$ Backdoor in LSM (1/3): checking...not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking...not present.
Your system is free from the backdoors that would be left in
memory
by the published exploit for CVE-2010-3081.
This doesn't look right. That's the same result I got for the -194.11.3
kernel. I was expecting to see something similar to the output I got for
the F13 kernel:
$$$ Kernel release: 2.6.34.6-54.fc13.x86_64
!!! Could not find symbol: per_cpu__current_task
A symbol required by the published exploit for CVE-2010-3081 is
not provided by your kernel. The exploit would not work on your
system.
Thoughts?
--Doc Savage, CISSP
Fairview Heights, IL
I ran the diagnostic code and got the same result. I then tried the
exploit code and it errored out instead of giving me a shell.
Hugh
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
