I just learned about the wunderbar_emporium rootkit, and it sounds pretty nasty. I tested it on a few Linux servers I have access to, and while it failed on two of them, it was successful on one with kernel 2.6.9-78.0.13.ELsmp. What's the best way to prevent this rootkit? Does kernel 2.6.9-89.0.11.ELsmp resolve the issue?
Answer
According to the Red Hat Security Advisory RHSA-2009:1457, kernel 2.6.18-92.1.28 resolves the issue on RHEL 5.2.z. As you're inquiring about a 2.6.9 kernel, I'm making the assumption you're on RHEL4, and RHSA-2009:1469 mentions 2.6.9-78.0.27 for RHEL 4.7.z, though the original RHEL4 advisory RHSA-2009:1223 mentions 2.6.9-89.0.9.
For the full listing of Security Advisories issued by Red Hat regarding CVE-2009-2692 that wunderbar_emporium is taking advantage of.
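As an added example (not part of the original answer), this Python check compares a `uname -r` string against the fixed releases quoted in the answer. The function names and the table keyed by release stream are assumptions of this example; release streams the answer does not mention are reported as unknown rather than guessed.

```python
import platform
import re

# First fixed release per (kernel version, release stream), as quoted in the
# answer above. Keys and layout are this example's own; the version numbers
# and advisory ids are the ones the answer gives.
FIXED = {
    ("2.6.9", 78): ((78, 0, 27), "RHSA-2009:1469 (RHEL 4.7.z)"),
    ("2.6.9", 89): ((89, 0, 9), "RHSA-2009:1223 (RHEL 4)"),
    ("2.6.18", 92): ((92, 1, 28), "RHSA-2009:1457 (RHEL 5.2.z)"),
}


def parse_release(uname_r):
    """Split '2.6.9-78.0.13.ELsmp' into ('2.6.9', (78, 0, 13))."""
    m = re.match(r"^(\d+\.\d+\.\d+)-(\d+(?:\.\d+)*)", uname_r)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % uname_r)
    return m.group(1), tuple(int(part) for part in m.group(2).split("."))


def check(uname_r):
    """Return (status, advisory) where status is 'fixed', 'vulnerable' or 'unknown'."""
    version, release = parse_release(uname_r)
    entry = FIXED.get((version, release[0]))
    if entry is None:
        # Stream not covered by the advisories quoted on the page.
        return "unknown", None
    fixed, advisory = entry
    # Tuple comparison orders 78.0.13 before 78.0.27, and a bare '89' before 89.0.9.
    status = "fixed" if release >= fixed else "vulnerable"
    return status, advisory


if __name__ == "__main__":
    running = platform.release()
    try:
        status, advisory = check(running)
    except ValueError:
        status, advisory = "unknown", None
    print("%s: %s%s" % (running, status, " per " + advisory if advisory else ""))
```
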