Gentoo Forums
CVE-2014-0196: Linux kernel pty layer race
ChrisJumper
Veteran


Joined: 12 Mar 2005
Posts: 1798
Location: Germany

Posted: Mon May 12, 2014 3:38 pm    Post subject: CVE-2014-0196: Linux kernel pty layer race

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
Exploit: http://www.openwall.com/lists/oss-security/2014/05/12/3


Patch: https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=4291086b1f081b869c6d79e5b7441633dc3ace00

German News: http://www.heise.de/open/meldung/Schwachstelle-im-Linux-Kernel-Admin-Rechte-fuer-alle-2187501.html
bendlas
n00b


Joined: 12 May 2014
Posts: 1

Posted: Mon May 12, 2014 4:57 pm

Gentoo Bug: https://bugs.gentoo.org/show_bug.cgi?id=509840
alex6z
Tux's lil' helper


Joined: 20 Jul 2005
Posts: 113

Posted: Tue May 13, 2014 11:13 am

Here is the patch that was done to the latest linux. I tried it on 3.0 and it wouldn't compile. 3.2 is in long term support but there is no back port yet. This patch likely doesn't work there either.

The good news is that it appears that this exploit is for SMP systems only. I tried the crash PoC here http://pastebin.com/raw.php?i=yTSFUBgZ and it didn't crash my Pentium III on 3.0.76, and it didn't crash 2.6.32 on my Debian system with a P4 even with hyperthreading. Not tried as root in either case.

Code:

--- old/drivers/tty/n_tty.c
+++ new/drivers/tty/n_tty.c
@@ -2353,8 +2353,12 @@
                        if (tty->ops->flush_chars)
                                tty->ops->flush_chars(tty);
                } else {
+                       struct n_tty_data *ldata = tty->disc_data;
+
                        while (nr > 0) {
+                               mutex_lock(&ldata->output_lock);
                                c = tty->ops->write(tty, b, nr);
+                               mutex_unlock(&ldata->output_lock);
                                if (c < 0) {
                                        retval = c;
                                        goto break_out;
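
Review bot: The lock/unlock pair around `tty->ops->write()` inside the `while (nr > 0)` loop carries no comment saying which concurrent path `output_lock` serializes this write against; add a one-line comment above `mutex_lock(&ldata->output_lock);` so the reason for the lock survives later refactoring. The unlock runs before the `c < 0` check, so the `goto break_out` path does not leave the mutex held, which is correct. The new declaration assumes `tty->disc_data` points at a `struct n_tty_data` that has an `output_lock` member, so anyone backporting should confirm their tree has that layout before applying the hunk as-is.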

_________________
Check out the T-shirts at http://www.thinkgeek.com
alex6z
Tux's lil' helper


Joined: 20 Jul 2005
Posts: 113

Posted: Tue May 13, 2014 5:52 pm

Update: got my 2.6.32 Debian system to crash when logged in over ssh, but it didn't work (or not right away) at the console. Turned off HT and now I can't crash it anymore.
_________________
Check out the T-shirts at http://www.thinkgeek.com
e3k
Apprentice


Joined: 01 Oct 2007
Posts: 177
Location: Slovakia

Posted: Wed May 14, 2014 5:51 pm

no new kernel in sight according to the bug... i am too lazy to patch my kernel myself. is there a chance that we will get a patched kernel soon = 1 day ago?
_________________
---__o__---
platojones
Veteran


Joined: 23 Oct 2002
Posts: 1553
Location: Just over the horizon

Posted: Wed May 14, 2014 5:55 pm

The latest gentoo-sources kernel (3.14.4) contains linux patch 3.14.4, which has the fix in it.
e3k
Apprentice


Joined: 01 Oct 2007
Posts: 177
Location: Slovakia

Posted: Wed May 14, 2014 7:18 pm

thank you platojones. i could live without nvidia-drivers using vesa. but i can't get that thing booting because i have root on ZFS. if i only would be lazy enough not to experiment with the root filesystem...
---
3.10.40 is patched too and works for me.
_________________
---__o__---