
Local Linux root exploit 2.6.37 to 3.8.8


simo
05-20-2013, 09:33 AM
A 0-day exploit permits a local/remote privilege escalation.

We were not clearly able to exploit this vulnerability on -grsec- kernel, but it can crash the server.

Today, we have released the kernel 3.8.13.
All distributions embedding OVH kernel are now delivered
with this last kernel.

If your server is on netboot, you only have to reboot.
Else, you should update your kernel:
[GRS] ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-grs-ipv6-64
[STD] ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-std-ipv6-64

Or for VM:
[GRS] ftp://ftp.ovh.net/made-in-ovh/bzImag...ps-grs-ipv6-64
[STD] ftp://ftp.ovh.net/made-in-ovh/bzImag...ps-std-ipv6-64

The new kernel provides huge performance improvements,
especially for the network.

RHEL 6.0 is affected too:
https://bugzilla.redhat.com/show_bug.cgi?id=962792

Almost all kernel distributions are vulnerable.


*** Mitigation ***

You can temporarily mitigate the issue by changing the
kernel.perf_event_paranoid parameter:
# sysctl kernel.perf_event_paranoid=2

It seems to protect against known exploits, but it does
not fix the vulnerability.
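As an added example (not part of simo's post or OVH's tooling), the following POSIX sh script checks whether a running kernel's version falls in the range the post names (2.6.37 through 3.8.8) and whether the temporary sysctl mitigation is in place, reading the real `/proc/sys/kernel/perf_event_paranoid` file. It only compares version numbers, so a distribution that backports fixes or bugs into an older version, like the RHEL 6.0 case the post links, cannot be judged this way and must be checked against its vendor advisory.

```shell
#!/bin/sh
# Added example, not from the OVH post: classify a kernel version against the
# affected range stated in the post and check the sysctl mitigation it suggests.

# Turn "X.Y.Z[-suffix]" into one comparable integer; missing fields count as 0.
kver_num() {
    # drop anything after the patch level, e.g. "3.8.13-std-ipv6-64" -> "3.8.13"
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    maj=$(printf '%s' "$v" | cut -d. -f1)
    min=$(printf '%s' "$v" | cut -d. -f2)
    pat=$(printf '%s' "$v" | cut -d. -f3)
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# Succeeds (exit 0) when the version lies within 2.6.37 .. 3.8.8 inclusive,
# the range named in the post; 3.8.13 and newer fall outside it.
kernel_in_affected_range() {
    n=$(kver_num "$1")
    lo=$(kver_num 2.6.37)
    hi=$(kver_num 3.8.8)
    [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]
}

# Succeeds when the given perf_event_paranoid value is the mitigating one
# (2, the value the post recommends, or any stricter value a kernel may add).
paranoid_is_mitigating() {
    [ "$1" -ge 2 ] 2>/dev/null
}

# Report on the live host; the two checks above are pure so they can be
# exercised offline with constructed version strings.
report() {
    kv=$(uname -r)
    if kernel_in_affected_range "$kv"; then
        echo "kernel $kv is in the affected range: update to 3.8.13 or newer"
    else
        echo "kernel $kv is outside the affected range (vendor backports not considered)"
    fi
    if [ -r /proc/sys/kernel/perf_event_paranoid ]; then
        p=$(cat /proc/sys/kernel/perf_event_paranoid)
        if paranoid_is_mitigating "$p"; then
            echo "kernel.perf_event_paranoid=$p: temporary mitigation active"
        else
            echo "kernel.perf_event_paranoid=$p: run 'sysctl kernel.perf_event_paranoid=2'"
        fi
    fi
}
```

Run `report` on a host to print both findings; remember that the sysctl setting is lost at reboot unless persisted in sysctl.conf, and that only the kernel update closes the bug.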