Re: rootkit not found by rkhunter

On 2009-10-04 19:10, Noah Meyerhans wrote:
> On Sun, Oct 04, 2009 at 11:44:52AM -0400, Thomas Krichel wrote:
>>> this looks like a standard privilege escalation (not a rootkit). it
>>> appears to be using one of the recent null pointer dereference kernel
>>> vulnerabilities.  your fricka machine is probably running one of the
>>> unpatched kernels ('uname -r' will tell you which version you are
>>> currently running).  chichek is up to date since it is preventing
>>> the dereferenced pointer from accessing mmap. 
>>   Hmmmm, here is a list of machines affected and unaffected, with
>>   their kernel version
>> affected
>> fricka  2.6.26-2-686
>   ...
> The kernel version reported by uname is not enough to determine the
> security status of the kernel.  The kernel version number only changes
> when the kernel ABI changes.  Security updates are often applied
> without ABI bumps.  For example, kernel 2.6.26-2-686 was introduced by
> linux 2.6.26-14.  However, the current version is 2.6.26-19.  Several
> security fixes were introduced in the various releases between those two
> versions, yet the version reported by uname was unchanged.  

Why is EXTRAVERSION not updated during the kernel package build?

Best regards,
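
An added example, not part of the original thread: a shell sketch of checking the package version rather than the `uname -r` ABI name, using the 2.6.26-14 and 2.6.26-19 figures quoted above. The function names are hypothetical, the sample banner is constructed, and the `(Debian <version>)` field in the `/proc/version` banner is an assumption about the Debian kernel build.

```shell
#!/bin/sh
# Constructed sample in the style of a Debian /proc/version banner.
# Assumption: the Debian build embeds the package version as "(Debian <ver>)".
SAMPLE_BANNER='Linux version 2.6.26-2-686 (Debian 2.6.26-14) (builder@example.org) (gcc version 4.1.3) #1 SMP Mon Jan 1 00:00:00 UTC 2009'

# ABI name: what `uname -r` prints; it stays the same across security uploads.
banner_abi() {
    printf '%s\n' "$1" | sed -n 's/^Linux version \([^ ]*\) .*/\1/p'
}

# Package version the running image was built from, if the banner carries it.
banner_pkgver() {
    printf '%s\n' "$1" | sed -n 's/^Linux version [^ ]* (Debian \([^)]*\)).*/\1/p'
}

# Exit status 0 when version $1 is older than version $2.
ver_lt() {
    [ "$1" != "$2" ] || return 1
    if command -v dpkg >/dev/null 2>&1; then
        # Authoritative Debian version comparison.
        dpkg --compare-versions "$1" lt "$2"
    else
        # Approximation for hosts without dpkg (GNU sort -V).
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# classify BANNER REQUIRED_VERSION -> prints unknown, outdated or current
classify() {
    running=$(banner_pkgver "$1")
    if [ -z "$running" ]; then
        echo unknown        # banner has no package version; do not guess
    elif ver_lt "$running" "$2"; then
        echo outdated       # same ABI name, older package revision
    else
        echo current
    fi
}

# Same ABI name as an up-to-date host, but an older package revision:
echo "$(banner_abi "$SAMPLE_BANNER"): $(classify "$SAMPLE_BANNER" 2.6.26-19)"
```

On a live system, pass `"$(cat /proc/version)"` as the banner. `dpkg-query -W linux-image-$(uname -r)` shows the installed package version, which can be newer than the running kernel until the machine is rebooted.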