CVE-2010-3081

["Robert G. (Doc) Savage" <dsavage@peaknet.net>]

I was concerned about the recent Linux kernel vulnerability reports
until I read this:

        http://isc.sans.edu/diary.html?storyid=9574

I downloaded and ran the "diagnose-2010-3081" binary on my RHEL55 server
and was relieved to see:

        $ ./diagnose-2010-3081 
        Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice,
        Inc.
        (see http://www.ksplice.com/uptrack/cve-2010-3081)
        
        $$$ Kernel release: 2.6.18-194.11.3.el5
        $$$ Backdoor in LSM (1/3): checking...not present.
        $$$ Backdoor in timer_list_fops (2/3): not available.
        $$$ Backdoor in IDT (3/3): checking...not present.
        
        Your system is free from the backdoors that would be left in
        memory
        by the published exploit for CVE-2010-3081.

I also ran it on my 64-bit F13 laptop and was similiarly relieved:

        $ ./diagnose-2010-3081 
        Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice,
        Inc.
        (see http://www.ksplice.com/uptrack/cve-2010-3081)
        
        $$$ Kernel release: 2.6.34.6-54.fc13.x86_64
        !!! Could not find symbol: per_cpu__current_task
        
        A symbol required by the published exploit for CVE-2010-3081 is
        not
        provided by your kernel.  The exploit would not work on your
        system.

As long as you are up-to-date with the latest patches (and not the ones
still in updates-testing), it appears you'll have nothing to worry
about.

--Doc Savage, CISSP
  Fairview Heights, IL


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.