Does anyone know whether the following can be trusted?

Omer Zak w1 at zak.co.il
Mon Sep 20 07:20:54 IST 2010


On Mon, 2010-09-20 at 07:09 +0200, Nadav Har'El wrote:
> On Mon, Sep 20, 2010, Omer Zak wrote about "Does anyone know whether the following can be trusted?":
> > There is an exploit of 64-bit Linux kernel, which leaves behind a
> > backdoor usable even after the kernel has been patched.
> > 
> > To check whether your PC is infected, the diagnose-2010-3081 tool can be
> > used (see https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml for
> > links to binary and to source).
> 
> Can you please point us to the source of these statements?

Start with:
http://linux.slashdot.org/story/10/09/20/0217204/Linux-Kernel-Exploit-Busily-Rooting-64-Bit-Machines
and the link which provides the diagnostic code is:
https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml

> Often, the issues of *vulnerability* and *backdoor* are orthogonal.
> I.e., once a vulnerability is known (in this case, an old 32-bit-compatibility
> bug which somehow resurfaced recently), someone might break into your machine
> (or in this case, he would have to break in first as any user, and this
> vulnerability will give him root access). *Then*, he can install whatever
> kind of backdoor, zombie, rootkit, or whatever he wants on your system.
> 
> There is no way to "diagnose" whether your PC was ever broken into using
> a specific vulnerability - the only thing you can do is to look for a
> specific backdoor or rootkit or whatever installed. But someone might have
> used the same vulnerability and installed a completely different backdoor!
> 
> So even if that tool tests for a specific backdoor installed by some
> specific demo "exploit", or one specific worm (and I don't know if it does),
> don't be surprised if numerous other crackers are using the same
> vulnerability together with completely different backdoors or rootkits.

You are right.
Thanks for the enlightenment.

--- Omer


-- 
Any legal limit to self defense means that there is no right for self
defense at all.  This is because the aggressors would exploit those
legal limits to render their victims totally defenseless.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html