0000128: Kernel vulnerabilities used by 2nd.kex rootkit-keylogger

ID	Project	Category	View Status	Date Submitted	Last Update

0000128	Kolibri OS (trunk)	Kernel	public	2020-05-01 17:02	2022-07-24 16:05

Reporter	rgimad	Assigned To	rgimad
Priority	normal	Severity	major	Reproducibility	always
Status	resolved	Resolution	fixed
Platform	Any x86 / Любой x86	OS	KolibriOS	OS Version	SVN autobuilds
Product Version	SVN build / автосборка SVN

Summary	0000128: Kernel vulnerabilities used by 2nd.kex rootkit-keylogger
Description	Unfortunately 2nd.kex rootkit-keylogger still works in KolibriOS, it uses some kernel vulnerabilities. See http://board.kolibrios.org/viewtopic.php?t=1712 Also it causes ps command stucking it infinite loop.
Steps To Reproduce	Download 2nd.kex from http://board.kolibrios.org/viewtopic.php?t=1712 and run it on Kolibri and press start keylogging. Also after that try ps command in shell
Tags	No tags attached.

SVN revision / ревизия SVN
Type of distribution / Тип дистрибутива	any / любой

Date Modified	Username	Field	Change
2020-05-01 17:02	rgimad	New Issue
2020-05-01 17:03	rgimad	File Added: 2nd.kex
2020-05-03 18:26	dunkaist	Status	new => confirmed
2022-07-24 16:05	rgimad	Assigned To	=> rgimad
2022-07-24 16:05	rgimad	Status	confirmed => resolved
2022-07-24 16:05	rgimad	Resolution	open => fixed
2022-07-24 16:05	rgimad	Note Added: 0000240

rgimad 2020-05-01 17:03 manager	2nd.kex (666 bytes)

rgimad 2022-07-24 16:05 manager ~0000240	In revisions #8160 and #8216 vulnerability in sysfn 26.2 (2nd.kex used it) finally fixed.