/dev/mem exploit on Ubuntu

Ben Collins ben.collins at ubuntu.com
Wed Aug 1 17:04:44 UTC 2007


On Wed, 2007-08-01 at 08:44 -0400, Kristian Hermansen wrote:
> Just thought someone (Kees) might want to check this one out :-)
> 
> <snip>
> From: "James E. Jones" <ceriofag at yahoo.com>
> To: incidents at securityfocus.com
> Date: Wed, 11 Jul 2007 09:07:09 -0700 (PDT)
> Subject: 0day linux 2.6 /dev/mem rootkit found
> I found one interesting tool on my server, with the
> name 'Boxer 0.99 BETA3'. It's protected by ELFuck
> linux executables obfuscator. Google doesn't know
> anything about it.
> Now, it is available at http://surfall.net/rel.tar.gz
> (ELFuck password: 'notdead')
> Anybody seen it before?
> </snip>
> -- 

Doesn't really look like an exploit to me. This binary requires that you
already have root on the system. It's basically a rootkit (unless I'm
missing something, but I'm not about to execute this program).

Once someone has root, your system is a done deal for the most part.

-- 
Ubuntu   : http://www.ubuntu.com/
Linux1394: http://wiki.linux1394.org/





More information about the ubuntu-server mailing list