Samker's Computer Forum - SCforum.info
Software & Hardware Mix: => Linux / Unix / Android => Topic started by: Samker on 17. May 2014., 11:06:16
-
(http://2.bp.blogspot.com/-EllreivJ0xQ/T6_pVY53oQI/AAAAAAAAgSg/zRDS8KHAeoQ/s1600/linux.jpg)
Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel's tty handling – and it lets logged-in users crash the system, gain root privileges, or otherwise modify and access data they shouldn't.
This memory corruption flaw is certainly nothing like OpenSSL's remotely exploitable Heartbleed – CVE-2014-0196: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0196
But this local root hole is problematic where users are sharing the same Linux host in the cloud.
Here's how US-CERT described the issue: https://www.us-cert.gov/ncas/bulletins/SB14-132
“The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO & !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.”
A user only needs shell access to be in a position to exploit the programming blunder.
The bug was introduced in 2009 with version v2.6.31-rc3 of the kernel. Before that, as noted at this Novell SUSE security discussion, “pty [the pseudo-terminal – El Reg] was writing directly to a line discipline without using buffers”: https://bugzilla.novell.com/show_bug.cgi?id=875690
Ubuntu has been patched: http://www.ubuntu.com/usn/usn-2204-1/ , Red Hat is working on a fix for its Enterprise Linux 6 and Enterprise MRG 2 distros (RH Enterprise Linux 5 isn't affected): https://bugzilla.redhat.com/show_bug.cgi?id=1094232
OpenWall has also patched: http://www.openwall.com/lists/oss-security/2014/05/05/6
Debian's patches will arrive here: https://security-tracker.debian.org/tracker/CVE-2014-0196
There's an unreliable proof-of-concept here: http://bugfuzz.com/stuff/cve-2014-0196-md.c
(ElReg)
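For triage, the upstream range quoted above (introduced in v2.6.31-rc3, present through 3.14.3) can be checked against a host's kernel release string. This is an added example, not part of the original post or the article; the function names are hypothetical, and because distributions backport fixes without changing the base version, an in-range result only means the vendor advisory still has to be checked.

```python
import platform
import re

# Upstream range as stated in the article: introduced in v2.6.31-rc3,
# present "through 3.14.3".
FIRST_AFFECTED = "2.6.31-rc3"
LAST_AFFECTED = "3.14.3"

_RELEASE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def version_key(release):
    """Turn a kernel release string into a sortable tuple.

    Distro suffixes (e.g. "-431.el6.x86_64") are ignored. A release
    candidate sorts before the final release of the same version.
    """
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch, rc = m.groups()
    # Final releases rank as "rc infinity" so that 2.6.31-rc3 < 2.6.31.
    rc_rank = int(rc) if rc is not None else float("inf")
    return (int(major), int(minor), int(patch or 0), rc_rank)


def in_upstream_range(release):
    """True if the base version falls in the affected upstream range."""
    key = version_key(release)
    return version_key(FIRST_AFFECTED) <= key <= version_key(LAST_AFFECTED)


def report(release):
    """One-line triage result for a kernel release string."""
    if in_upstream_range(release):
        return ("%s: base version is in the affected upstream range; "
                "confirm the fix against the vendor advisory" % release)
    return "%s: base version is outside the affected upstream range" % release


if __name__ == "__main__":
    # Checks the running kernel; pass any `uname -r` string to report().
    print(report(platform.release()))
```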
-
Most misleading picture EVER :down:
Giving a nitwit Linux... It will cause problems and many many many "how do I..."-phone calls :(
Just saying ;p
-
I didn't want to update the servers so soon :/
-
I didn't want to update the servers so soon :/
Yeah... Kernel 0.1a works like a charm ;p
:>
-
Most misleading picture EVER :down:
...
:up:
...picture for cogitation...
-
Thanks admin, much appreciated.
-
I noticed that bug a few days ago. So now I am supposed to update the servers.
I had done that some time ago only.
They better patch up the kernel if it was vulnerable in an insecure way.
-
I noticed that bug a few days ago. So now I am supposed to update the servers.
I had done that some time ago only.
They better patch up the kernel if it was vulnerable in an insecure way.
This bug is from 2014 at least... How can that still be a thing?