Subject: | |
From: | |
Reply To: | |
Date: | Thu, 16 May 2013 11:39:52 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Thu, 16 May 2013, Pat Riehecky wrote:
> Synopsis: Important: kernel security update
> Advisory ID: SLSA-2013:0830-1
> Issue Date: 2013-05-16
> CVE Numbers: CVE-2013-2094
>
> This update fixes the following security issue:
>
> * It was found that the Scientific Linux 6.1 kernel update
> (SLSA-2011:0542) introduced an integer conversion issue in the Linux
> kernel's Performance Events implementation. This led to a user-supplied
> index into the perf_swevent_enabled array not being validated properly,
> resulting in out-of-bounds kernel memory access. A local, unprivileged
> user could use this flaw to escalate their privileges. (CVE-2013-2094,
> Important)
>
> A public exploit that affects Scientific Linux 6 is available.
>
> Refer to Red Hat Knowledge Solution 373743 for further information
> and mitigation instructions for users who are unable to immediately
> apply this update.
Thanks for the quick response Pat; I have tested the new kernel, and
can confirm that it prevents the exploit from working (potty-mouth
output edited out):
### older kernel:
$ uname -r
2.6.32-358.2.1.el6.x86_64
$ /sbin/sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 1
$ ./perf_events
2.6.37-3.x x86_64
sd@*ucksheep.org 2010
-sh-4.1# id
uid=0(root) gid=0(root) groups=0(root),..
### this errata:
$ uname -r
2.6.32-358.6.2.el6.x86_64
$ /sbin/sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 1
$ ./perf_events
perf_events: perf_events2.c:51: sheep: Assertion `!close(fd)' failed.
Aborted
cheers, etc.
--
deatrich @ triumf.ca, Science/ATLAS PH: +1 604-222-7665
<*> This moment's fortune cookie:
The best laid plans of mice and men are held up in the legal department.
|
|
|