Kernel 2.6.32-358 Local Privilege Escalation

Support for security such as Firewalls and securing linux
toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by toracat » 2013/05/14 23:13:56

The distro kernel (not the centosplus one) with the patch is now available from:

http://people.centos.org/hughesjr/c6kernel/2.6.32-358.6.1.el6.cve20132094/x86_64/

It was confirmed that this kernel is not exploitable. This is signed by the centos-6 test key and you can install the key by running (optional):

[code]
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Testing-6
[/code]

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by TrevorH » 2013/05/15 00:00:21

Just to clarify: is this a repackaged upstream kernel? Or the current 358.6.1 kernel plus that one line patch?

toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by toracat » 2013/05/15 00:56:06

The current CentOS kernel 2.6.32-358.6.1.el6 with that one line patch applied.

oesman
Posts: 3
Joined: 2013/05/14 13:37:05

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by oesman » 2013/05/15 03:46:51

[quote]
nouvo09 wrote:

I am not. I never found one reason to run a 64 bits system while we have a PAE 32 bits which never has issue with 3rd parts programs.[/quote]

PAE won't allow a single process to address more than 4GB of memory. All PAE will do is allow you to see >4GB and to address >4GB between multiple processes. You should be running 64-bit if you're using PAE.

IMO the only reasons to run 32-bit are:

1. If you have a very light setup with a small amount of ram (4GB or less) and you wish to save yourself the overhead of x86_64.
2. If your legacy hardware does not support 64-bit.
3. If your legacy software requires 32-bit for some reason.

assen
Posts: 80
Joined: 2013/02/22 12:48:05

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by assen » 2013/05/15 13:02:20

Hi,

CentOS 6.4, fully patched as of yesterday, 64-bit.

[code]
[cpt2ast@cpt2ast ~]$ uname -a
Linux cpt2ast 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[/code]

... compile the exploit here...

[code]
[cpt2ast@cpt2ast ~]$ ./a.out
2.6.37-3.x x86_64
sd@fsck.org 2010
a.out: e.c:81: main: Assertion `p = memmem(code, 1024, &needle, 8)' failed.
Aborted
[/code]

Why is the exploit not working?

EDIT: Oops. It has to be compiled with optimizations... lol :-)

toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by toracat » 2013/05/16 18:21:04

An official kernel update with the fix has been released upstream. The CentOS kernel update will follow soon.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Kernel 2.6.32-358 Local Privilege Escalation

Post by avij » 2013/05/17 07:20:45

kernel-2.6.32-358.6.2.el6 has been released and it's currently syncing to mirrors.

http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html

I've verified that this kernel does indeed fix the issue.
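Added example (not part of any post in this thread): a shell check that classifies a kernel release string against the two patched builds named above, the cve20132094 test build and kernel-2.6.32-358.6.2.el6. The function names and status labels are hypothetical, it assumes later releases in the same el6 series carry the fix, and it reports centosplus and non-el6 kernels as unknown because the thread gives no fixed version for them.

```shell
#!/bin/sh
# Added example: compare an EL6 kernel release with the fixed release from this thread.
FIXED_REL="358.6.2"      # from the thread: kernel-2.6.32-358.6.2.el6
TEST_TAG="cve20132094"   # from the thread: tag of the patched test build

# rel_ge A B: succeed when dotted-numeric release A >= B, compared field by field.
rel_ge() {
    rg_a=$1; rg_b=$2
    while [ -n "$rg_a" ] || [ -n "$rg_b" ]; do
        rg_x=${rg_a%%.*}; rg_y=${rg_b%%.*}
        [ "${rg_x:-0}" -gt "${rg_y:-0}" ] && return 0
        [ "${rg_x:-0}" -lt "${rg_y:-0}" ] && return 1
        case $rg_a in *.*) rg_a=${rg_a#*.} ;; *) rg_a= ;; esac
        case $rg_b in *.*) rg_b=${rg_b#*.} ;; *) rg_b= ;; esac
    done
    return 0
}

# kernel_fix_status RELEASE: print fixed, patched-test-build, older-than-fix or unknown.
kernel_fix_status() {
    kfs_kr=$1
    case $kfs_kr in
        2.6.32-*.el6*) ;;
        *) echo unknown; return ;;              # not an el6 2.6.32 kernel
    esac
    case $kfs_kr in
        *centos.plus*) echo unknown; return ;;  # centosplus: no fixed version given
        *."$TEST_TAG"*) echo patched-test-build; return ;;
    esac
    kfs_rel=${kfs_kr#2.6.32-}
    kfs_rel=${kfs_rel%%.el6*}                   # e.g. 358.6.1
    case $kfs_rel in
        ''|*[!0-9.]*) echo unknown; return ;;   # unexpected release format
    esac
    if rel_ge "$kfs_rel" "$FIXED_REL"; then
        echo fixed
    else
        echo older-than-fix
    fi
}

# Classify the release given as an argument, or the running kernel by default.
kernel_fix_status "${1:-$(uname -r)}"
```

`uname -r` reports the running kernel, so a host that has installed the update but not yet rebooted into it still shows as older-than-fix.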
