Bug 684981 - Rootkit hack
Summary: Rootkit hack
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 13
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-03-14 22:18 UTC by Jazbo
Modified: 2013-01-10 06:31 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-25 02:49:08 UTC
Type: ---


Attachments
the file that was downloaded (6.43 KB, text/x-csrc)
2011-03-14 22:19 UTC, Jazbo

Description Jazbo 2011-03-14 22:18:06 UTC
Description of problem:
My mother's computer was hacked with a program that seems to be
milw0rm. The hacker left the source file in C on her computer. I have
it and the IP address of the FTP server that he seemed to download it
from. I attached the file.


Version-Release number of selected component (if applicable):
2.6.34.8-68.fc13.i686.PAE


If you have any questions let me know

Comment 1 Jazbo 2011-03-14 22:19:41 UTC
Created attachment 484321
the file that was downloaded

Comment 2 Dave Jones 2011-03-15 17:57:06 UTC
This is CVE-2008-0009/CVE-2008-0010 which was fixed a long time ago.

This exploit wasn't the program used to gain entry to the machine.
On an affected machine, this exploit would have given a user account root privileges. It is not responsible for how the attacker got access to a user account in the first place.

If everything was up to date, this exploit should have failed to give the attacker root.

Comment 3 Chuck Ebbert 2011-03-25 02:49:08 UTC
The security bug that this program exploits was fixed in Linux 2.6.25-rc1 and 2.6.24.2, so there is no way it was used to gain root privileges on that machine.
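
The version reasoning in Comments 2 and 3, written out as a triage check. This is an added example, not part of the original bug thread or of any Fedora tooling; the function name `has_upstream_fix` is hypothetical, the fix points are the ones Comment 3 states, and every sample release string other than the reporter's is constructed.

```python
import re

# Fix points as stated in Comment 3 of this bug.
MAINLINE_FIX = (2, 6, 25)   # fixed in 2.6.25-rc1
STABLE_FIX = (2, 6, 24, 2)  # fixed in 2.6.24.2

RELEASE_RE = re.compile(r"^(\d+(?:\.\d+){1,3})(-rc\d+)?(.*)$")


def has_upstream_fix(release):
    """Return True (fix present), False (upstream release predates the fix),
    or None (cannot be decided from the version string alone)."""
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    version = tuple(int(p) for p in m.group(1).split("."))
    distro_suffix = m.group(3)          # e.g. "-68.fc13.i686.PAE"
    base = (version + (0, 0))[:3]       # pad "3.10" to (3, 10, 0)
    stable = version[3] if len(version) > 3 else 0

    if base >= MAINLINE_FIX:
        # Any 2.6.25 build, including its -rc releases, is at or after -rc1.
        return True
    if base == STABLE_FIX[:3]:
        if stable >= STABLE_FIX[3]:
            return True
        # A distribution build may carry the fix as a backport.
        return None if distro_suffix else False
    # Older branches: the bug thread gives no fix point for them.
    return None


if __name__ == "__main__":
    # The first entry is the kernel from the report; the rest are constructed.
    for rel in ("2.6.34.8-68.fc13.i686.PAE", "2.6.24.2", "2.6.24.1",
                "2.6.24.1-5.fc8", "2.6.18-8.el5"):
        print(rel, "->", has_upstream_fix(rel))
```

A `None` result means the package changelog or the distribution's security advisory has to be consulted, because the release string alone does not show backported fixes.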

