View previous topic :: View next topic |
Author |
Message |
huuan Apprentice
Joined: 19 Feb 2007 Posts: 265 Location: California
|
Posted: Wed May 15, 2013 11:53 pm Post subject: [solved]does cve-2013-2094 apply to gentoo? |
|
|
new privilege escalation on kernels 2.6.37 through 3.8.9
https://isc.sans.edu/diary/CVE-2013-2094+Linux+privilege+escalation/15803
they say on centos it is back-ported as far as 2.6.32
How about on Gentoo?
Last edited by huuan on Thu May 16, 2013 5:38 am; edited 1 time in total |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21490
|
Posted: Thu May 16, 2013 12:16 am Post subject: |
|
|
sys-kernel/gentoo-sources has no ebuilds in tree for kernels before 3.0, so there are no supported builds into which a backport could have introduced it. However, it is very likely that all supported kernel series are affected, unless you configured out the affected code. |
|
Back to top |
|
|
livibetter n00b
Joined: 19 Apr 2009 Posts: 63 Location: Taipei, Taiwan
|
Posted: Thu May 16, 2013 12:52 am Post subject: |
|
|
My kernel config has CONFIG_PERF_EVENTS=y and the semtex.c (linked in the CVE page) shows me it is indeed vulnerable, I can gain root by running that compiled code on 3.7.10.
gentoo-sources has just stabilized 3.8.13, I am going to upgrade my kernel to it. |
|
Back to top |
|
|
kurly Apprentice
Joined: 02 Apr 2012 Posts: 260
|
Posted: Thu May 16, 2013 1:58 am Post subject: |
|
|
The applicable Gentoo bug is https://bugs.gentoo.org/show_bug.cgi?id=469854
Plenty of fixed versions are in Portage today (including 3.8.13 and 3.9.2). All vulnerable versions except 3.7.10 have been removed, and even that last version will be removed as soon as other architectures are able to stabilize 3.8.13. |
|
Back to top |
|
|
huuan Apprentice
Joined: 19 Feb 2007 Posts: 265 Location: California
|
Posted: Thu May 16, 2013 5:38 am Post subject: |
|
|
Thanks all. Most informative. |
|
Back to top |
|
|
rburcham Apprentice
Joined: 20 Mar 2003 Posts: 240
|
Posted: Fri May 17, 2013 2:58 pm Post subject: |
|
|
Quote: | My kernel config has CONFIG_PERF_EVENTS=y and the semtex.c (linked in the CVE page) shows me it is indeed vulnerable, I can gain root by running that compiled code on 3.7.10.
gentoo-sources has just stabilized 3.8.13, I am going to upgrade my kernel to it. |
I'm running 3.7.8-gentoo, CONFIG_PERF_EVENTS=y, compiled the POC code with gcc -O2 and ran it... it immediately returns with "Killed"
So, for some reason it didn't work? I'm still updating my kernel right now anyway. |
|
Back to top |
|
|
keet Guru
Joined: 09 Sep 2008 Posts: 565
|
Posted: Sun May 19, 2013 1:45 pm Post subject: |
|
|
It didn't work for me on my Gentoo computers that are running gentoo-sources 3.4.9 and 3.7.10, though kernel.perf_event_paranoid=2 on mine. It did work on my Debian 7 installation, though. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21490
|
Posted: Sun May 19, 2013 3:38 pm Post subject: |
|
|
According to commentary on LWN, the common exploit being passed around can be defeated with perf_event_paranoid=2. However, the exploit can be modified to trigger the bug even when perf_event_paranoid=2, so setting that variable is not full protection. |
|
Back to top |
|
|
|