SCIENTIFIC-LINUX-USERS Archives

May 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Date: Thu, 16 May 2013 11:39:52 -0700

On Thu, 16 May 2013, Pat Riehecky wrote:

> Synopsis:          Important: kernel security update
> Advisory ID:       SLSA-2013:0830-1
> Issue Date:        2013-05-16
> CVE Numbers:       CVE-2013-2094
>
> This update fixes the following security issue:
>
> * It was found that the Scientific Linux 6.1 kernel update
> (SLSA-2011:0542) introduced an integer conversion issue in the Linux
> kernel's Performance Events implementation. This led to a user-supplied
> index into the perf_swevent_enabled array not being validated properly,
> resulting in out-of-bounds kernel memory access. A local, unprivileged
> user could use this flaw to escalate their privileges. (CVE-2013-2094,
> Important)
>
> A public exploit that affects Scientific Linux 6 is available.
>
> Refer to Red Hat Knowledge Solution 373743 for further information
> and mitigation instructions for users who are unable to immediately
> apply this update.

Thanks for the quick response, Pat; I have tested the new kernel, and
can confirm that it prevents the exploit from working (potty-mouth
output edited out):

### older kernel:
$ uname -r
2.6.32-358.2.1.el6.x86_64

$ /sbin/sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 1

$ ./perf_events
2.6.37-3.x x86_64
sd@*ucksheep.org 2010
-sh-4.1# id
uid=0(root) gid=0(root) groups=0(root),..

### this errata:
$ uname -r
2.6.32-358.6.2.el6.x86_64

$ /sbin/sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 1

$ ./perf_events
perf_events: perf_events2.c:51: sheep: Assertion `!close(fd)' failed.
Aborted

cheers, etc.
-- 
deatrich @ triumf.ca, Science/ATLAS         PH: +1 604-222-7665
<*> This moment's fortune cookie:
The best laid plans of mice and men are held up in the legal department.
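
A fleet-side counterpart to the test session above, added here as an example and not part of the thread: it decides whether a kernel release string is at least the fixed build 2.6.32-358.6.2.el6 named in the errata and reports on the running host. It assumes a simplified segment-wise comparison (numeric segments as integers, others as text) in place of rpm's own version ordering; note that both sessions show perf_event_paranoid=1, so the check relies on the kernel build rather than that sysctl.

```shell
#!/bin/sh
# Added example, not from the list thread: is an SL6 kernel release string at
# least the fixed build named in SLSA-2013:0830-1? Assumption: a simplified
# segment-wise compare (numeric segments as integers, others as text) stands
# in for rpm's own version ordering.
FIXED_RELEASE="2.6.32-358.6.2.el6"   # from the thread's "this errata" session

# Print the segments of a release one per line, arch suffix dropped:
# "2.6.32-358.6.2.el6.x86_64" -> 2 6 32 358 6 2 el6
release_segments() {
    printf '%s\n' "$1" | sed -e 's/\.x86_64$//' -e 's/\.i686$//' | tr '.-' '\n\n'
}

# Print "older", "same" or "newer" for the first release relative to the second.
release_cmp() {
    segs_a=$(release_segments "$1"); segs_b=$(release_segments "$2"); i=1
    while :; do
        a=$(printf '%s\n' "$segs_a" | sed -n "${i}p")
        b=$(printf '%s\n' "$segs_b" | sed -n "${i}p")
        if [ -z "$a" ] && [ -z "$b" ]; then echo same; return; fi
        if [ -z "$a" ]; then echo older; return; fi
        if [ -z "$b" ]; then echo newer; return; fi
        case "$a$b" in
            *[!0-9]*)   # a non-numeric segment such as "el6": compare as text
                if [ "$a" != "$b" ]; then
                    lo=$(printf '%s\n%s\n' "$a" "$b" | sort | head -n 1)
                    if [ "$lo" = "$a" ]; then echo older; else echo newer; fi
                    return
                fi ;;
            *)          # both numeric, so 358 sorts before 1000 as it should
                if [ "$a" -lt "$b" ]; then echo older; return; fi
                if [ "$a" -gt "$b" ]; then echo newer; return; fi ;;
        esac
        i=$((i + 1))
    done
}

# Succeed (exit 0) when the release already contains the fix.
kernel_has_fix() {
    [ "$(release_cmp "$1" "$FIXED_RELEASE")" != older ]
}

# Report on the running host. Both sessions in the thread show
# perf_event_paranoid=1, so that sysctl says nothing here; the kernel build does.
report_host() {
    r=$(uname -r)
    if kernel_has_fix "$r"; then echo "OK: $r includes the SLSA-2013:0830-1 fix"
    else echo "VULNERABLE: $r predates $FIXED_RELEASE, reboot into the updated kernel"; fi
}
case "${1:-}" in --check) report_host ;; esac
```

Run it as `sh check.sh --check` on each host; a VULNERABLE line after the update means the new kernel was installed but not booted.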
