I just heard about this exploit and it really sounds scary, but my kernel is immune to it because I disabled 32-bit emulation almost a year ago.

Here is a good post about it and exploit code in this post [1]. You can download a test tool [1] from Ksplice. The output I got from those:


% ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.34-gentoo-r6-1
!!! Error in setting cred shellcodes
% ./robert_you_suck
symbol table not available, aborting!
Process finished

If you don’t know how to patch, a quick workaround is to run:


echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
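
What that rule matches, as an added example that is not part of the original post: the magic is the four-byte ELF signature followed by the class byte 0x01 (32-bit), so every 32-bit ELF file is handed to /bin/echo instead of being executed. The function names below are hypothetical; the check for a `32bits` entry assumes binfmt_misc exposes each registered rule as a file named after it.

```sh
#!/bin/sh
# Added example: audit what the ':32bits:' binfmt_misc rule would intercept.
# Function names are illustrative, not from any existing tool.

# Magic from the rule, as hex: 0x7f 'E' 'L' 'F' + EI_CLASS 0x01 (ELFCLASS32).
ELF32_MAGIC="7f454c4601"

# Print "elf32", "elf64" or "other" from the first 5 bytes of a file.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        "$ELF32_MAGIC") echo elf32 ;;
        7f454c4602)     echo elf64 ;;
        *)              echo other ;;   # scripts, short files, unreadable
    esac
}

# List regular files under the given directories that the rule would match,
# i.e. the binaries that stop working once the workaround is registered.
list_elf32() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        if [ "$(elf_class "$f")" = elf32 ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Succeed if the rule is registered. The directory argument exists only so
# the check can be exercised against a scratch directory.
rule_registered() {
    dir=${1:-/proc/sys/fs/binfmt_misc}
    [ -e "$dir/32bits" ]
}

# Stand-alone use: sh script.sh /usr/bin /opt
if [ "$#" -gt 0 ]; then
    list_elf32 "$@"
    if rule_registered; then
        echo "32bits rule: registered"
    else
        echo "32bits rule: not registered"
    fi
fi
```

Running it over the directories that hold third-party software before registering the rule shows which programs the workaround will break.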

Note

Gentoo’s gentoo-sources already fixed that 3 days ago.

The best way is to disable 32-bit emulation in the kernel permanently: the less you have, the less exposed surface you get. There are still many proprietary programs that don’t have a 64-bit build, but I have managed to live without them.

Updated on 2010-09-21: Ksplice updated [1] the tool because the error message was unclear; now I get:


% ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.34-gentoo-r6-1
!!! Could not find symbol: prepare_creds

A symbol required by the published exploit for CVE-2010-3081 is not
provided by your kernel. The exploit would not work on your system.

[1] http://www.h-online.com/open/news/item/Hole-in-Linux-kernel-provides-root-rights-1081317.html, http://blog.ksplice.com/2010/09/cve-2010-3081/, and https://www.ksplice.com/uptrack/cve-2010-3081 are gone