Home » ISPreview UK News Archives »
Business ISP Claranet hit by Linux Security Flaw
By: MarkJ - 15 February, 2008 (9:51 AM)

Hackers have exploited a security vulnerability in the Linux kernel, specifically the sys_vmsplice call that is responsible for virtual memory management, to gain root privileges within some of Claranets servers.

The UK business ISP first spotted the problem during Tuesday afternoon, although by then the hackers had already managed to replace their customers index.html (website) files with an unspecified message:

Claranet Statement: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.

The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February

The situation, which is covered in more detail HERE (The Register), first appeared in version 2.6.17 of the Linux kernel and wasn't resolved until 2.6.23.

History - [News Archives]


Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Website Rules).