[Ksplice][Uptrack-announce] CVE-2010-3081: Check whether you are already compromised
Tim Abbott
tabbott at ksplice.com
Sat Sep 18 21:53:56 PDT 2010
By now, if you are running one of Ksplice's commercially supported
distributions, you should have received from us an announcement that
rebootless updates correcting CVE-2010-3081 are available for your
distribution.
If an attacker has already compromised one of your machines using an
exploit for CVE-2010-3081, simply updating the system will not eliminate
the presence of an attacker. Similarly, if a machine has already been
exploited, then the exploit may continue working on that system even after
it has been updated, because of a backdoor that the exploit installs.
We have published a test tool at
<https://www.ksplice.com/uptrack/cve-2010-3081> to check whether your
system has already been compromised by the public CVE-2010-3081 exploit
code that we've seen.
If one or more of your machines has already been compromised by an
attacker, we recommend that you use your normal procedure for dealing with
that situation.
Please note that CVE-2010-3081 only affects systems with a 64-bit kernel.
If you have any questions, Ksplice support is available at
support at ksplice.com or +1 765-577-5423.
-Tim Abbott
More information about the Uptrack-announce
mailing list