Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved]does cve-2013-2094 apply to gentoo?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
huuan
Apprentice
Apprentice


Joined: 19 Feb 2007
Posts: 261
Location: California

PostPosted: Wed May 15, 2013 11:53 pm    Post subject: [solved]does cve-2013-2094 apply to gentoo? Reply with quote

new privilege escalation on kernels 2.6.37 through 3.8.9
https://isc.sans.edu/diary/CVE-2013-2094+Linux+privilege+escalation/15803

they say on centos it is back-ported as far as 2.6.32

How about on Gentoo?


Last edited by huuan on Thu May 16, 2013 5:38 am; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8969

PostPosted: Thu May 16, 2013 12:16 am    Post subject: Reply with quote

sys-kernel/gentoo-sources has no ebuilds in tree for kernels before 3.0, so there are no supported builds into which a backport could have introduced it. However, it is very likely that all supported kernel series are affected, unless you configured out the affected code.
Back to top
View user's profile Send private message
livibetter
n00b
n00b


Joined: 19 Apr 2009
Posts: 60
Location: Taipei, Taiwan

PostPosted: Thu May 16, 2013 12:52 am    Post subject: Reply with quote

My kernel config has CONFIG_PERF_EVENTS=y and the semtex.c (linked in the CVE page) shows me it is indeed vulnerable, I can gain root by running that compiled code on 3.7.10.

gentoo-sources has just stabilized 3.8.13, I am going to upgrade my kernel to it.
Back to top
View user's profile Send private message
kurly
Apprentice
Apprentice


Joined: 02 Apr 2012
Posts: 172

PostPosted: Thu May 16, 2013 1:58 am    Post subject: Reply with quote

The applicable Gentoo bug is https://bugs.gentoo.org/show_bug.cgi?id=469854

Plenty of fixed versions are in Portage today (including 3.8.13 and 3.9.2). All vulnerable versions except 3.7.10 have been removed, and even that last version will be removed as soon as other architectures are able to stabilize 3.8.13.
Back to top
View user's profile Send private message
huuan
Apprentice
Apprentice


Joined: 19 Feb 2007
Posts: 261
Location: California

PostPosted: Thu May 16, 2013 5:38 am    Post subject: Reply with quote

Thanks all. Most informative.
Back to top
View user's profile Send private message
rburcham
Apprentice
Apprentice


Joined: 20 Mar 2003
Posts: 178

PostPosted: Fri May 17, 2013 2:58 pm    Post subject: Reply with quote

Quote:
My kernel config has CONFIG_PERF_EVENTS=y and the semtex.c (linked in the CVE page) shows me it is indeed vulnerable, I can gain root by running that compiled code on 3.7.10.

gentoo-sources has just stabilized 3.8.13, I am going to upgrade my kernel to it.


I'm running 3.7.8-gentoo, CONFIG_PERF_EVENTS=y, compiled the POC code with gcc -O2 and ran it... it immediately returns with "Killed"

So, for some reason it didn't work? I'm still updating my kernel right now anyway.
Back to top
View user's profile Send private message
keet
Guru
Guru


Joined: 09 Sep 2008
Posts: 392

PostPosted: Sun May 19, 2013 1:45 pm    Post subject: Reply with quote

It didn't work for me on my Gentoo computers that are running gentoo-sources 3.4.9 and 3.7.10, though kernel.perf_event_paranoid=2 on mine. It did work on my Debian 7 installation, though.
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8969

PostPosted: Sun May 19, 2013 3:38 pm    Post subject: Reply with quote

According to commentary on LWN, the common exploit being passed around can be defeated with perf_event_paranoid=2. However, the exploit can be modified to trigger the bug even when perf_event_paranoid=2, so setting that variable is not full protection.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum