Posted: 15th Feb, 2008 By: MarkJ
Hackers have exploited a security vulnerability in the Linux kernel, specifically the sys_vmsplice call that is responsible for virtual memory management, to gain root privileges within some of Claranets servers.
The UK business ISP first spotted the problem during Tuesday afternoon, although by then the hackers had already managed to replace their customers index.html (website) files with an unspecified message:
Claranet Statement: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.
The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February"
The situation, which is covered in more detail
HERE (
The Register), first appeared in version 2.6.17 of the Linux kernel and wasn't resolved until 2.6.23.