Home page of this blog

Monday, September 20, 2010

How to check if Ubuntu 64bit system is exploited by CVE-2010-3081 exploit

Note: This exploit check is needed only for 64 bit linux systems and do not bother if you have 32 bit linux systems

Having 64 bit ubuntu systems and not updated your kernel yet from security repositories? It may have been infected by exploit

CVE-2010-3081


To know more about exploit 
To check if kernel is infected by this exploit in Ubuntu follow the link


 https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml

If you don't know how to compile the tool yourself follow this step by step

Step 1: 

Download source code of the tool which checks if there is an exploit from

https://www.ksplice.com/support/diagnose-2010-3081.c

Step 2:

Compile it

gcc diagnose-2010-3081.c

Step 3:

Run the tool as a normal user (do not run as root!!)

./a.out


You should see a message like


Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.



If you are not getting the above kind of message, it means your system is infected. If your system is compromised, disconnect internet first, then follow whichever fix is relevant. Simplest way is reinstall OS, scan your home folder for infected files




Note: This exploit check is needed only for 64 bit systems and do not bother if you have 32 bit linux systems. To know if you have 64 bit system use


uname -a | grep x86_64


If the result is displayed it means, you are running 64 bit system

3 comments:

  1. Can this detection also work for CVE-2010-3904?

    ReplyDelete
  2. If you use red hat linux, the kernels are updated with a fix for said CVE

    https://rhn.redhat.com/errata/RHSA-2010-0792.html

    ReplyDelete