This morning, I found that I'd had the "km3" rootkit, at least, compiled
on my system. It doesn't look like they actually got the chance to
install and use it, but the km3 kit is a "Linux Kernel Privileged Process
Hijacking Vulnerability" which affects kernels 2.21 through 2.2.24 and
2.4.1 through 2.4.21-pre1.
I know that Red Hat back ports their patches, which is cool and all, but
they released a 2.4.20-20 update some time ago...the currently available
kernel from Red Hat addresses the ptrace-related vulnerability that km3
uses, as well as a number of other issues.
Unless, of course, the fix is in the 2.4.20-19 kernel, and I failed to
realize it.
If we could see the current XFS merged into the Red Hat 2.4.20-20 sources,
I'd be happy to test them out.
Of course, at the moment, I'd be happy if I knew how the hell the bastard
got into my system, but that's another story.
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
To be notified of updates to the web site, send a message to:
site-update-request@xxxxxxxxxxxxxxxxx
with a message of:
subscribe