Claranet Hacked due to Critical Hole in Linux
Following the disclosure of a critical vulnerability in the Linux kernel on February 10, 2008, the first UK victim has been confirmed on the services of the ISP (Internet Service Provider) Claranet.
By exploiting a flaw in the sys_vmsplice kernel call that manages virtual memory, the hacker gained root privileges and replaced Claranet users' index.html files with his own calling card. The exploit came to light at around 6 p.m. on February 12, 2008.
Officials at Claranet said that malicious activity exploiting the flaw was spotted on the hosting platform shared by Claranet customers. Within about 10 minutes, however, Claranet brought the malicious operations under control and halted them. The ISP also locked the platform to prevent any further damage.
By 10 a.m. on February 13, 2008, a vendor's update had been used to fully patch the shared hosting program. Nearly 1% of all websites hosted on Claranet's shared program were forced offline and were reinstated by 1 p.m. on February 13, 2008.
Earlier on February 14, 2008, software security vendor SecurityFocus uncovered 'critical' security vulnerabilities in the Linux kernel 2.6 used by popular distributions. By exploiting the bugs, unauthorized users can read from and write to kernel memory areas or access certain servers' resources.
Local users could also maliciously use these flaws to cause Denial-of-Service (DoS) conditions, acquire root privileges, or expose potentially sensitive data. The flaws affect all versions of the Linux kernel right up to Linux 126.96.36.199, a version with a patch. Other affected software includes distributions such as Ubuntu, Red Hat, Turbolinux, SuSE, Debian and Mandriva.
According to Secunia, a security notification firm, users who change their Linux kernel version to either 188.8.131.52 or 184.108.40.206 can prevent attacks. Those who don't want to upgrade can use hotfixes to close the holes. The flawed system call made its first appearance in Linux kernel version 2.6.17 but was exploited only with changes in version 2.6.23.
Linux vendors said they are working on a permanent remedy for the issue, while Claranet continues to monitor disclosures of new security flaws and to work on their patches.
» SPAMfighter News - 22-02-2008