On 09/20/2010 03:34 PM, Jose Ramon Perez wrote:
I have some 64-bit CentOS 5 test servers, and after compiling the code they published and running it, this is the result, which I am sharing with everyone:
[jramon@localhost ~]$ ./a.out
Ac1dB1tCh3z VS Linux kernel 2.6 kernel 0d4y
$$$ Kallsyms +r
$$$ K3rn3l r3l3as3: 2.6.18-194.11.3.el5
??? Trying the F0PPPPPPPPPPPPPPPPpppppppppp_____ m3th34d
$$$ L00k1ng f0r kn0wn t4rg3tz..
$$$ c0mput3r 1z aqu1r1ng n3w t4rg3t...
$$$ selinux_ops->ffffffff80327ac0
I don't like the look of this result.. this is not right.
For me it said something like there are no modules loaded (in normal English, without the letters and numbers, which are normally a bad sign).
This is how it comes out:

[eperez@server ~]$ wget https://www.ksplice.com/support/diagnose-2010-3081
--2010-09-20 17:03:02-- https://www.ksplice.com/support/diagnose-2010-3081
Resolving www.ksplice.com... 184.73.224.154
Connecting to www.ksplice.com|184.73.224.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21348 (21K) [text/plain]
Saving to: `diagnose-2010-3081'
100%[======================================>] 21,348 --.-K/s in 0.04s
2010-09-20 17:03:03 (525 KB/s) - `diagnose-2010-3081' saved [21348/21348]
[eperez@server ~]$ chmod +x diagnose-2010-3081
[eperez@server ~]$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.18-194.11.1.el5xen
$$$ Backdoor in LSM (1/3): checking...not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking...not present.
Your system is free from the backdoors that would be left in memory by the published exploit for CVE-2010-3081.
Regards,
epe