GaryT

Well-Known Member
May 19, 2010
320
3
68
Hello

I cannot run the Ksplice tools. I see the error ( !!! Must run as non-root. )

-----------------------
[email protected] [~]# ,/diagnose-2010-3081
-bash: ,/diagnose-2010-3081: No such file or directory
[email protected] [~]# ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

!!! Must run as non-root.
-----------------------
Any suggestion?

Thank you
Konrath
Means you must run it as a non-root user? :rolleyes:

Do you have an account with SSH access other than ROOT?

If not, make one or give one permissions.

chsh -s /bin/bash <user>
Login as that user:

Then run:

./diagnose-2010-3081
 

konrath

Well-Known Member
May 3, 2005
366
1
166
Brasil
Hello

I cannot run the Ksplice tools. I see the error ( !!! Must run as non-root. )

-----------------------
[email protected] [~]# ,/diagnose-2010-3081
-bash: ,/diagnose-2010-3081: No such file or directory
[email protected] [~]# ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

!!! Must run as non-root.
-----------------------
Any suggestion?

Thank you
Konrath
 

konrath

Either log in as an existing user who has shell/jailshell access and run the script, or create a new user with normal/jailshell access.


Not working
-----------


login as: MYUSER
[email protected]'s password:

-bash-3.2$ cd /
-bash-3.2$ cd root
-bash: cd: root: Permission denied

-bash-3.2$ dir

aquota.user dev ioncube media nohup.out root srv usr
backup etc lib misc opt sbin sys var
bin home lib64 mnt proc scripts tftpboot
boot home2 lost+found net quota.user selinux tmp

-bash-3.2$ wget -N https://www.ksplice.com/support/diagnose-2010-3081
--2010-09-21 16:43:17-- https://www.ksplice.com/support/diagnose-2010-3081
Resolving www.ksplice.com... 184.73.224.154
Connecting to www.ksplice.com|184.73.224.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21348 (21K) [text/plain]
diagnose-2010-3081: Permission denied

Cannot write to `diagnose-2010-3081' (Success).
-bash-3.2$



Thank you
Konrath
 

konrath

I cannot run the Ksplice tools as the root user or as a non-root user.

Thank you
Konrath
 

GaryT

That's right, you're not supposed to run as root! Otherwise it will never find it LOL.

Run it as USER.

chmod the file to 777

Log in as USER, not ROOT

then run it.
 

konrath

Hello

OK, now it is running. Thank you



bash-3.2$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.18-194.8.1.el5
$$$ Backdoor in LSM (1/3): checking...not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking...not present.

Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.
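
The thread ran into three separate obstacles: the tool refuses uid 0, the unprivileged user's working directory (/) was not writable for wget, and the file needed an execute bit. The shell functions below are an added example, not code from the thread, Ksplice or cPanel (the names preflight and stage_private are hypothetical); they check those conditions and also flag mode 777, because a group- or world-writable binary can be replaced by another local account before it is run, and mode 700 is enough to execute it.

```shell
#!/bin/sh
# Added example (not Ksplice or cPanel code). Preflight for running a
# downloaded diagnostic such as ./diagnose-2010-3081 without root.

# preflight UID DIR FILE
# Prints one line per problem found; returns 0 only if there are none.
# UID is passed in (normally "$(id -u)") so the logic can be tested.
preflight() {
    uid=$1; dir=$2; file=$3; rc=0
    # The tool exits with "!!! Must run as non-root." when uid is 0.
    if [ "$uid" -eq 0 ]; then
        echo "uid 0: log in as an unprivileged user"; rc=1
    fi
    # wget's "Permission denied" in the thread came from a working
    # directory (/) that the unprivileged user could not write to.
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "cannot write to directory: $dir"; rc=1
    fi
    if [ ! -f "$file" ]; then
        echo "missing file: $file"; return 1
    fi
    # Only the owner's execute bit is needed to run ./file.
    if [ ! -x "$file" ]; then
        echo "not executable: chmod 700 $file"; rc=1
    fi
    # Mode 777 lets any local account replace the binary before it is
    # run; flag group- or world-writable files.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group/world-writable: chmod 700 $file"; rc=1
    fi
    return "$rc"
}

# stage_private SRC: copy SRC into a fresh directory from mktemp -d
# (mode 0700, owned by the caller), set the copy to 0700, print its path.
stage_private() {
    d=$(mktemp -d) || return 1
    cp "$1" "$d/" || return 1
    chmod 700 "$d/$(basename "$1")" || return 1
    echo "$d/$(basename "$1")"
}

# Typical use, as the unprivileged user, from a directory you own:
#   preflight "$(id -u)" "$PWD" ./diagnose-2010-3081 && ./diagnose-2010-3081
```

On servers where /tmp is mounted noexec, set TMPDIR to a directory in the user's home before calling stage_private, otherwise the staged copy will not execute.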
 

konrath

Hello

Is this vulnerability exploited via a worm virus, or does it require the interaction of the hacker?

Thank you
Konrath
 

GaryT

No, it just allows them to root your server. Then, if rooted, they can do whatever they like.

Update your CentOS / kernel as the new one is out :)
 

konrath

No, it just allows them to root your server. Then, if rooted, they can do whatever they like.

Update your CentOS / kernel as the new one is out :)

Yes, I understand.

My question is: is the security flaw being exploited by a virus (worm virus)?

If it is a worm virus, then millions of servers will be infected within hours. Do you understand my question?

Thank you
Konrath
 

GaryT

I highly doubt they would leave anything that's easily traceable. If anything, they would either screw the server or leave a backdoor entry.
 

konrath

I'm sorry, my English is not good.

I understand that this failure is not being exploited by a worm virus.

The situation is critical but not catastrophic. A worm virus multiplies rapidly.

Thank you
Konrath