Running a 64-bit Ubuntu system and have not yet updated your kernel from the security repositories? It may have been infected by the exploit for
CVE-2010-3081
To know more about the exploit
To check whether your kernel has been infected by this exploit in Ubuntu, follow the link
https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml
If you don't know how to compile the tool yourself, follow these steps
Step 1:
Download source code of the tool which checks if there is an exploit from
https://www.ksplice.com/support/diagnose-2010-3081.c
Step 2:
Compile it
gcc diagnose-2010-3081.c
Step 3:
Run the tool as a normal user (do not run as root!!)
./a.out
You should see a message like
Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.
If you do not get a message like the one above, it means your system is infected. If your system is compromised, disconnect it from the internet first, then follow whichever fix is relevant. The simplest way is to reinstall the OS and scan your home folder for infected files.
Note: This exploit check is needed only for 64-bit systems; do not bother if you have a 32-bit Linux system. To find out whether you have a 64-bit system, use
uname -a | grep x86_64
If a result is displayed, it means you are running a 64-bit system.
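The steps above can be wrapped in one script, shown here as an added example that is not part of the original post or of the Ksplice tool. It assumes diagnose-2010-3081.c has already been downloaded into the current directory; the function names, the output binary name and the verdict labels are made up for this example, and the "clean" marker is taken from the message quoted above.

```shell
#!/bin/sh
# Added example: the manual check from this post with guard rails.
# Assumption: diagnose-2010-3081.c is already in the current directory.
SRC="diagnose-2010-3081.c"
BIN="./diagnose-2010-3081"            # hypothetical output name instead of a.out
CLEAN_MARKER="free from the backdoors" # wording from the message quoted in the post

# The check only applies to 64-bit (x86_64) kernels.
is_64bit() {
    [ "$1" = "x86_64" ]
}

# "clean" only when the expected message appears; the post treats any
# other output as a sign of compromise, reported here as "suspect".
classify_output() {
    case "$1" in
        *"$CLEAN_MARKER"*) echo "clean" ;;
        *) echo "suspect" ;;
    esac
}

run_check() {
    if ! is_64bit "$(uname -m)"; then
        echo "not-applicable"
        return 0
    fi
    # The post says to run the tool as a normal user, never as root.
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run as root" >&2
        return 2
    fi
    [ -f "$SRC" ] || { echo "missing $SRC" >&2; return 2; }
    # A failed build is an error, not a verdict about the system.
    gcc -o "$BIN" "$SRC" || { echo "compile failed" >&2; return 2; }
    out=$("$BIN" 2>&1) || true
    printf '%s\n' "$out"
    classify_output "$out"   # verdict is the last line printed
}

# Only act when invoked as: sh check-3081.sh check
if [ "${1:-}" = "check" ]; then
    run_check
fi
```

The last line printed is the verdict: not-applicable, clean or suspect. Exit status 2 means the check itself could not be run.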
Can this detection also work for CVE-2010-3904?
No
If you use Red Hat Linux, the kernels are updated with a fix for said CVE
https://rhn.redhat.com/errata/RHSA-2010-0792.html