Monday, February 23, 2015

linux - How to prevent wunderbar_emporium rootkit



I just learned about the wunderbar_emporium rootkit, and it sounds pretty nasty. I tested it on a few Linux servers I have access to, and while it failed on two of them, it was successful on one with kernel 2.6.9-78.0.13.ELsmp. What's the best way to prevent this rootkit? Does kernel 2.6.9-89.0.11.ELsmp resolve the issue?


Answer



According to the RedHat Security Advisory RHSA-2009:1457, kernel 2.6.18-92.1.28 resolves the issue on RHEL 5.2.z. As you're inquiring about a 2.6.9 kernel, I'm making the assumption you're on RHEL4, and RHSA-2009:1469 mentions 2.6.9-78.0.27 for RHEL 4.7.z, though the original RHEL4 advisory RHSA-2009:1223 mentions 2.6.9-89.0.9.



For the full listing of Security Advisories issued by RedHat regarding CVE-2009-2692 that wunderbar_emporium is taking advantage of.
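An added example, not part of the original answer: a small checker that compares `uname -r` strings against the fixed builds the answer cites. Choosing the advisory by the first release number, the function names, and the `.el5` sample strings are assumptions of this example.

```python
import re

# Fixed builds quoted in the answer, keyed by (kernel version, release stream).
# Assumption of this example: the first release number (78, 89, 92) selects
# which advisory's build a host should be compared against.
FIXED_BUILDS = {
    ("2.6.9", 78): ((78, 0, 27), "RHSA-2009:1469"),   # RHEL 4.7.z
    ("2.6.9", 89): ((89, 0, 9), "RHSA-2009:1223"),    # RHEL 4
    ("2.6.18", 92): ((92, 1, 28), "RHSA-2009:1457"),  # RHEL 5.2.z
}

_RELEASE_RE = re.compile(r"^(\d+\.\d+\.\d+)-(\d+(?:\.\d+)*)")


def parse_uname(uname_r):
    """Split '2.6.9-78.0.13.ELsmp' into ('2.6.9', (78, 0, 13))."""
    m = _RELEASE_RE.match(uname_r.strip())
    if m is None:
        raise ValueError("unrecognised kernel release: %r" % uname_r)
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def check_kernel(uname_r):
    """Return (status, advisory); status is 'fixed', 'unpatched' or 'unknown'."""
    version, release = parse_uname(uname_r)
    entry = FIXED_BUILDS.get((version, release[0]))
    if entry is None:
        # Stream not named in the answer: consult the advisory list, do not guess.
        return "unknown", None
    fixed_release, advisory = entry
    # Tuple comparison is numeric per field, so 0.9 < 0.11
    # (a plain string comparison gets this wrong).
    status = "fixed" if release >= fixed_release else "unpatched"
    return status, advisory


if __name__ == "__main__":
    # Constructed inventory: the two kernels from the question plus two
    # made-up hosts.
    for host_kernel in ["2.6.9-78.0.13.ELsmp", "2.6.9-89.0.11.ELsmp",
                        "2.6.18-92.1.28.el5", "2.6.18-128.el5"]:
        print(host_kernel, *check_kernel(host_kernel))
```

A result of `unknown` means the kernel's release stream is not one the answer names, so its status has to come from the vendor's advisory list.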


