Re: rootkit not found by rkhunter
On Sun, 4 Oct 2009 10:15:35 -0400 Thomas Krichel wrote:
> krichel@fricka:~/a$ chmod 777 a
> krichel@fricka:~/a$ ./a
> krichel@chichek:~/a$ chmod 777 a
> krichel@chichek:~/a$ ./a
> mmap: Permission denied
this looks like a standard privilege escalation (not a rootkit). it
appears to be using one of the recent null pointer dereference kernel
vulnerabilities. your fricka machine is probably running one of the
unpatched kernels ('uname -r' will tell you which version you are
currently running). chichek is up to date since it is preventing
the dereferenced pointer from accessing mmap.
'apt-get update && apt-get upgrade' followed by a reboot into the new
kernel should bring you up to date.