Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
Last Updated: 2010-09-17 16:15:38 UTC
by Robert Danford (Version: 1)
Several of our readers sent us a heads up about a Linux kernel vulnerability which was previously patched, but has
leaked back into the kernel.
The vulnerability exists in the 32-bit compatibility mode of the kernel and upon execution can result in a local root
The Heise security team reportedly obtained a root shell on 64-bit Ubuntu 10.04 using this exploit.
The current workaround involves temporarily disabling the execution of 32-bit applications (See Full-Disclosure and the Redhat article below for details)
Reportedly all current Linux kernels are affected (patch is in the works) as well as backported kernels from vendors like Redhat.
@benhawkes (Deserves the credit for discovering this re-emergence. Not linking as exploit code is provided)
Thanks to Jens Hektor and Dave for bringing this to our attention.
ISC Handler on Duty
And: I guess CVE-2010-3301 is a typo should read CVE-2010-3081
Sep 20th 2010
1 decade ago