On Thu, 16 May 2013, Pat Riehecky wrote:
> Synopsis: Important: kernel security update
> Advisory ID: SLSA-2013:0830-1
> Issue Date: 2013-05-16
> CVE Numbers: CVE-2013-2094
>
> This update fixes the following security issue:
>
> * It was found that the Scientific Linux 6.1 kernel update
> (SLSA-2011:0542) introduced an integer conversion issue in the Linux
> kernel's Performance Events implementation. This led to a user-supplied
> index into the perf_swevent_enabled array not being validated properly,
> resulting in out-of-bounds kernel memory access. A local, unprivileged
> user could use this flaw to escalate their privileges. (CVE-2013-2094,
> Important)
>
> A public exploit that affects Scientific Linux 6 is available.
> Refer to Red Hat Knowledge Solution 373743 for further information
> and mitigation instructions for users who are unable to immediately
> apply this update.

Thanks for the quick response Pat; I have tested the new kernel, and
can confirm that it prevents the exploit from working (potty-mouth
output edited out):
### older kernel:
$ uname -r
2.6.32-358.2.1.el6.x86_64
$ /sbin/sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 1
$ ./perf_events
2.6.37-3.x x86_64
sd@*ucksheep.org 2010
-sh-4.1# id
uid=0(root) gid=0(root) groups=0(root),..
### this errata:
$ uname -r
2.6.32-358.6.2.el6.x86_64
$ /sbin/sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 1
$ ./perf_events
perf_events: perf_events2.c:51: sheep: Assertion `!close(fd)' failed.
Aborted
cheers, etc.
--
deatrich @ triumf.ca, Science/ATLAS PH: +1 604-222-7665
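
Added example (not part of the original message, the advisory, or the kernel source): a user-space C model of the class of flaw the advisory describes, where a wide user-supplied value is narrowed to a signed integer and only an upper bound is checked before it is used as an array index. MODEL_SW_MAX, the function names and the sample inputs are constructed for illustration; no array is actually indexed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed table size for this model; not taken from the kernel source. */
#define MODEL_SW_MAX 9

/* Flawed pattern: the 64-bit user value is narrowed to a signed int and only
 * an upper bound is checked. Returns 1 if accepted, storing the index used. */
static int accept_signed(uint64_t config, int64_t *idx)
{
    int event_id = (int)config;   /* keeps low 32 bits on gcc/clang; may go negative */
    if (event_id >= MODEL_SW_MAX)
        return 0;
    *idx = event_id;
    return 1;
}

/* Hardened pattern: compare at the full unsigned width, so no value can wrap
 * below zero and the single upper-bound test is sufficient. */
static int accept_unsigned(uint64_t config, int64_t *idx)
{
    if (config >= (uint64_t)MODEL_SW_MAX)
        return 0;
    *idx = (int64_t)config;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs: in range, at the limit, and two wide values. */
    const uint64_t samples[] = { 3, 9, 0xFFFFFFFFull, 0x100000003ull };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t s = 0, u = 0;
        int as = accept_signed(samples[i], &s);
        int au = accept_unsigned(samples[i], &u);
        printf("config=0x%llx signed:%s idx=%lld unsigned:%s\n",
               (unsigned long long)samples[i],
               as ? "accept" : "reject", (long long)s,
               au ? "accept" : "reject");
    }
    return 0;
}
```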