[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rootkit not found by rkhunter

On Sun, 4 Oct 2009 10:15:35 -0400 Thomas Krichel wrote:
> krichel@fricka:~/a$ chmod 777 a
> krichel@fricka:~/a$ ./a
> root@fricka:~/a# 
> krichel@chichek:~/a$ chmod 777 a
> krichel@chichek:~/a$ ./a
> mmap: Permission denied

this looks like a standard privilege escalation (not a rootkit). it
appears to be using one of the recent null pointer dereference kernel
vulnerabilities.  your fricka machine is probably running one of the
unpatched kernels ('uname -r' will tell you which version you are
currently running).  chichek is up to date since it is preventing
the dereferenced pointer from accessing mmap. 

'apt-get update && apt-get upgrade' followed by a reboot into the new
kernel should bring you up to date.


Reply to: