Software & Hardware Mix: > Linux / Unix / Android

Linux administrators need to Patch a newly discovered bug in the kernel...

(1/2) > >>


Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel's tty handling – and it lets logged-in users crash the system, gain root privileges, or otherwise modify and access data they shouldn't.

This memory corruption flaw is certainly nothing like OpenSSL's remotely exploitable Heartbleed – CVE-2014-0196:
But this local root hole is problematic where users are sharing the same Linux host in the cloud.

Here's how US-CERT described the issue:

“The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO & !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.”

A user only needs shell access to be in a position to exploit the programming blunder.

The bug was introduced in 2009 with version v2.6.31-rc3 of the kernel. Before that, as noted at this Novell SUSE security discussion, “pty [the pseudo-terminal – El Reg] was writing directly to a line discipline without using buffers”:

Ubuntu has been patched: , Red Hat is working on a fix for its Enterprise Linux 6 and Enterprise MRG 2 distos (RH Enterprise Linux 5 isn't affected):
OpenWall has also patched: Debian's patches will arrive here:

There's an unreliable proof-of-concept here:


Most misleading picture EVER  :down:

Giving a nitwit Linux... It will cause problems and many many many "how do I..."-phone calls :(

Just saying ;p

I didn't want to update the servers so soon :/


--- Quote from: jheysen on 17. May 2014., 14:43:50 ---I didn't want to update the servers so soon :/

--- End quote ---

Yeah... Kernel 0.1a works like a charm ;p



--- Quote from: devnullius on 17. May 2014., 13:08:39 ---Most misleading picture EVER  :down:


--- End quote ---


...picture for cogitation...


[0] Message Index

[#] Next page


Go to full version