On Mon, Sep 20, 2010, Omer Zak wrote about "Does anyone know whether the following can be trusted?":
> There is an exploit of 64-bit Linux kernel, which leaves behind a
> backdoor usable even after the kernel has been patched.
>
> To check whether your PC is infected, the diagnose-2010-3081 tool can be
> used (see https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml for
> links to binary and to source).

Can you please point us to the source of these statements?

Often, the issues of *vulnerability* and *backdoor* are orthogonal. I.e., once a vulnerability is known (in this case, an old 32-bit-compatibility bug which somehow resurfaced recently), someone might break into your machine (or in this case, he would have to break in first as any user, and this vulnerability will give him root access). *Then*, he can install whatever kind of backdoor, zombie, rootkit, or whatever he wants on your system.

There is no way to "diagnose" whether your PC was ever broken into using a specific vulnerability - the only thing you can do is to look for a specific backdoor or rootkit or whatever installed. But someone might have used the same vulnerability and installed a completely different backdoor!

So even if that tool tests for a specific backdoor installed by some specific demo "exploit", or one specific worm (and I don't know if it does), don't be surprised if numerous other crackers are using the same vulnerability together with completely different backdoors or rootkits.

--
Nadav Har'El                        | Monday, Sep 20 2010, 12 Tishri 5771
n...@math.technion.ac.il            |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |When everything's coming your way, you're
http://nadav.harel.org.il           |in the wrong lane.