Linux root compromise, please upgrade your kernel

Jason plug-discuss@lists.PLUG.phoenix.az.us
Fri, 19 Oct 2001 23:35:59 +0000


Wow, that site has some really, really nasty JavaScript ad-loading code
that constantly attempts to load ads, every 10 seconds or so even
(rather fast for pull-refresh!).


slick:~$ tail -45 /var/log/junkbuster
/etc/junkbuster/junkbuster: GPC
ad.doubleclick.net/ad/N668.securityfocus/B33148.6 crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/static/incident_on.gif
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/trade/tradeshowban1.gif
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/NewAlwayson.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/SNORT.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/newsletter.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/static/search_on.gif
/etc/junkbuster/junkbuster: GPC
ad.doubleclick.net/ad/N668.securityfocus/B33148.9 crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/SIA_upgrade/button-upgrade.gif
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/BHEuro2001SF.jpg crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/corebanner3.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/corebanner2a.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/certifiedBanner1.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/corebanner3.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/IObanner3loops.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/NewAlwayson.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.stonylakesolutions.com/banners/IO_animation_banner.gif crunch!

(everything from doubleclick to the stonylakesolutions repeats in the
logfile SEVERAL TIMES).

Evil.

Matt Alexander wrote:
> 
> Root compromise is possible in kernels 2.2.x (x <= 19) up through 2.4.y
> (y <= 9).
> 
> Here's more info:
> 
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
> 
> If you've got a system with multiple users, please upgrade your kernel.
> ~M

-- 
jkenner @ mindspring . com__
I Support Linux:           _> _  _ |_  _  _     _|
Working Together To       <__(_||_)| )| `(_|(_)(_|
To Build A Better Future.       |