Wednesday, July 27, 2011

Linux 3.0 Kernel Released! Linux 3.0.c Kernel Exploit also Released!

It was in the evening of July 22, 2011 when Linus Torvalds posted on Google+ about the new 3.0 kernel version which marked the end of 2.6.x series of kernel versions. After which, the initial plans of 3.1 were then a big issue to his followers because its exploit was released a few days after it was announced officially.

A guy named Dan Rosenberg compiled a C code entitled the “DEC Alpha Linux 3.0 local root exploit” which points out the vulnerability of the new 3.0 kernel version. Then also, a guy named Cross from ROOTWORM also published his Perl script entitled “2011 Linux Auto Rooter Beta 1.0” which includes the kernel versions 2.6.18 series to 3.0 kernel version exploits. The Perl script of Cross was also posted in most of the underground websites.

For those of you who are not familiar of a kernel exploit, a kernel exploit is written in C and its objective is to root a Linux box. With this exploit, a normal user of a certain machine can become a super user of a certain box which gives him more privileges like installing more repositories, installing other softwares, hosting malicious codes, hosting an ssh scanner, etc. Thus it’s a big, big trouble.

As of now, The Linux team is still fixing some of the current kernel’s bugs and issues. We hope to see the release of the 3.1 kernel version soon.

About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.

ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved.Designated trademarks, brands and articles are the property of their respective owners.