Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)

Several of our readers sent us a heads up about a Linux kernel vulnerability which was previously patched, but has
leaked back into the kernel.
The vulnerability exists in the 32-bit compatibility mode of the kernel and upon execution can result in a local root

The Heise security team reportedly obtained a root shell on 64-bit Ubuntu 10.04 using this exploit.

The current workaround involves temporarily disabling the execution of 32-bit applications (See Full-Disclosure and the Redhat article below for details)

Reportedly all current Linux kernels are affected (patch is in the works) as well as backported kernels from vendors like Redhat.

@benhawkes (Deserves the credit for discovering this re-emergence. Not linking as exploit code is provided) (German)

Thanks to Jens Hektor and Dave for bringing this to our attention.

ISC Handler on Duty


49 Posts
Sep 17th 2010
Credits should go to the people from CERN who reported that to the colleagues of our HPC system.

And: I guess CVE-2010-3301 is a typo should read CVE-2010-3081

Sign Up for Free or Log In to start participating in the conversation!