Local linux root exploit 2.6.37 to 3.8.8


Thomas
05-16-2013, 10:40 AM
A 0-day exploit permits a local/remote privilege escalation.

We were not clearly able to exploit this vulnerability on -grsec- kernel, but it can crash the server.

Today, we have released the kernel 3.8.13. All distributions embedding the OVH kernel are now delivered with this latest kernel.

If your server is on netboot, you only have to reboot. Else, you should update your kernel:

[GRS] ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-grs-ipv6-64

[STD] ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-std-ipv6-64

Or for a VM:

[GRS] ftp://ftp.ovh.net/made-in-ovh/bzImag...ps-grs-ipv6-64

[STD] ftp://ftp.ovh.net/made-in-ovh/bzImag...ps-std-ipv6-64


The new kernel provides huge improvements for performance, especially for the network.


RHEL 6.0 is concerned too. Almost all kernel distributions are vulnerable:

https://bugzilla.redhat.com/show_bug.cgi?id=962792

*** Mitigation ***

You can temporarily mitigate the issue by changing the kernel.perf_event_paranoid parameter to the following:

# sysctl kernel.perf_event_paranoid=2

It seems to protect from known exploits but it does not fix the vulnerability.




--
Germain, OVH
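An added example, not part of the original post or of any OVH tooling: a small POSIX shell check that assesses a host against the two facts the thread gives, the affected version range (2.6.37 to 3.8.8) and the kernel.perf_event_paranoid=2 mitigation. Function names are my own; the version test assumes vanilla/OVH-style version numbering and does not cover distribution kernels with backported code (the RHEL 6 case mentioned above), which need the vendor advisory instead.

```shell
#!/bin/sh
# Added example: classify a kernel as not-affected / mitigated / exposed
# using the version range and sysctl mitigation named in the thread.

# Convert "MAJOR.MINOR.PATCH[-suffix]" into one comparable integer,
# e.g. "3.8.13-xxxx-grs-ipv6-64" -> 3008013.
kver_num() {
    v=${1%%[!0-9.]*}          # strip "-xxxx-grs-ipv6-64" style suffixes
    oldifs=$IFS; IFS=.
    set -- $v                 # split on dots into $1 $2 $3
    IFS=$oldifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# True (0) when the version lies inside 2.6.37 .. 3.8.8 (inclusive).
kver_affected() {
    n=$(kver_num "$1")
    [ "$n" -ge "$(kver_num 2.6.37)" ] && [ "$n" -le "$(kver_num 3.8.8)" ]
}

# True (0) when kernel.perf_event_paranoid is at the recommended 2 or stricter.
paranoid_mitigated() {
    [ "$1" -ge 2 ]
}

# Verdict for a version string and a perf_event_paranoid value:
# prints "not-affected", "mitigated" or "exposed".
assess() {
    if ! kver_affected "$1"; then
        echo not-affected
    elif paranoid_mitigated "$2"; then
        echo mitigated           # known exploits blocked, but kernel still unpatched
    else
        echo exposed
    fi
}

# Live check of the current host (reads uname and sysctl; missing sysctl counts as 0).
check_host() {
    assess "$(uname -r)" "$(sysctl -n kernel.perf_event_paranoid 2>/dev/null || echo 0)"
}

# Run the live check only when explicitly requested, e.g. PERF_CHECK_LIVE=1 sh perf_check.sh
if [ -n "$PERF_CHECK_LIVE" ]; then
    check_host
fi
```

A "mitigated" verdict still calls for the kernel update described in the post, since the sysctl only blocks the known exploits.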