Re: rootkit not found by rkhunter
On 2009-10-04 19:10, Noah Meyerhans wrote:
> On Sun, Oct 04, 2009 at 11:44:52AM -0400, Thomas Krichel wrote:
>>> this looks like a standard privilege escalation (not a rootkit). it
>>> appears to be using one of the recent null pointer dereference kernel
>>> vulnerabilities. your fricka machine is probably running one of the
>>> unpatched kernels ('uname -r' will tell you which version you are
>>> currently running). chichek is up to date since it is preventing
>>> the dereferenced pointer from accessing mmap.
>> Hmmmm, here is a list of machines affected and unaffected, with
>> their kernel version
>> fricka 2.6.26-2-686
> The kernel version reported by uname is not enough to determine the
> security status of the kernel. The kernel version number only changes
> when the kernel ABI changes. Security updates are often applied
> without ABI bumps. For example, kernel 2.6.26-2-686 was introduced by
> linux 2.6.26-14. However, the current version is 2.6.26-19. Several
> security fixes were introduced in the various releases between those two
> versions, yet the version reported by uname was unchanged.
Why is not EXTRAVERSION updated during the kernel package build?
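
Added example, not part of the original thread: a shell check for the point made above that two kernels can report the same `uname -r` name yet come from different package builds. The banner strings are constructed sample data, the helper names are hypothetical, and the sketch assumes the kernel banner (as in /proc/version) carries the package version as "(Debian <version>)".

```shell
#!/bin/sh
# Constructed /proc/version-style banners (sample data, not from the thread).
# Both carry the same ABI name but different package versions.
OLD_BANNER='Linux version 2.6.26-2-686 (Debian 2.6.26-14) (build@example.invalid) (gcc version 4.1.3) #1 SMP'
NEW_BANNER='Linux version 2.6.26-2-686 (Debian 2.6.26-19) (build@example.invalid) (gcc version 4.1.3) #1 SMP'

# The ABI name, i.e. what `uname -r` prints: third field of the banner.
abi_name() { printf '%s\n' "$1" | awk '{print $3}'; }

# The package version, assumed to be embedded as "(Debian <version>)".
pkg_version() { printf '%s\n' "$1" | sed -n 's/^[^(]*(Debian \([^)]*\)).*/\1/p'; }

# True if $1 >= $2. `sort -V` is a portable approximation used here so the
# example runs anywhere; on a Debian host prefer:
#   dpkg --compare-versions "$1" ge "$2"
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_banner BANNER MIN_PKG_VERSION -> prints ok, outdated or unknown.
check_banner() {
    pkg=$(pkg_version "$1")
    if [ -z "$pkg" ]; then
        # No package version in the banner: the ABI name alone proves nothing.
        echo unknown
    elif version_ge "$pkg" "$2"; then
        echo ok
    else
        echo outdated
    fi
}

# Minimum taken from the thread ("the current version is 2.6.26-19").
MIN_VERSION='2.6.26-19'
for banner in "$OLD_BANNER" "$NEW_BANNER"; do
    printf '%s  pkg=%s  %s\n' "$(abi_name "$banner")" \
        "$(pkg_version "$banner")" "$(check_banner "$banner" "$MIN_VERSION")"
done
```

On a live Debian system, `dpkg-query -W -f='${Version}\n' "linux-image-$(uname -r)"` gives the installed package version, which can be newer than the running kernel until the machine is rebooted.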