CVE-2013-2094 – local root exploit for kernels 2.6.37 – 3.8.8 (and 2.6.32 on RHEL/CentOS)

Posted by docent on May 14, 2013 Leave a comment (0) Go to comments

Here is more info: http://www.reddit.com/r/netsec/comments/1eb9iw/sdfucksheeporgs_semtexc_local_linux_root_exploit/c9ykrck

This is tagged as CVE-2013-2094: https://bugzilla.redhat.com/show_bug.cgi?id=962792

Exploit: http://fucksheep.org/~sd/warez/semtex.c

Just run it like below to check If You’re affected:

[docent@test ~]$ uname -r
2.6.32-358.6.1.el6.x86_64
[docent@test ~]$ gcc -O2 semtex.c && ./a.out
2.6.37-3.x x86_64
sd@fucksheep.org 2010
-sh-4.1# /usr/bin/id
uid=0(root) gid=0(root) groups=0(root),500(docent) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-sh-4.1#

[docent@test ~]$ uname -r

2.6.32-358.6.1.el6.x86_64

[docent@test ~]$ gcc -O2 semtex.c && ./a.out

2.6.37-3.x x86_64

sd@fucksheep.org 2010

-sh-4.1# /usr/bin/id

uid=0(root) gid=0(root) groups=0(root),500(docent) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

-sh-4.1#

So remember, that:

sysctl kernel.perf_event_paranoid=2

1	sysctl kernel.perf_event_paranoid=2

is just workaround for this particular exploit and is not a solution. Patch is available here: https://patchwork.kernel.org/patch/2441281/ ; You can also apply this one: https://bugzilla.redhat.com/show_bug.cgi?id=962792#c13

Update: kernel update fixing this issue is ready at RHEL network: http://rhn.redhat.com/errata/RHSA-2013-0830.html

security0-day, exploit, security

← Morgan Freeman on Linux! Half Life 2 is here!

Raspbian, Raspberry-PI, installation, overclocking && vnc →

SecOPS / SysOp blog

The desire for safety stands against every great and noble enterprise.

CVE-2013-2094 – local root exploit for kernels 2.6.37 – 3.8.8 (and 2.6.32 on RHEL/CentOS)

Pages

Recent Posts

SecOPS / SysOp blog

The desire for safety stands against every great and noble enterprise.

CVE-2013-2094 – local root exploit for kernels 2.6.37 – 3.8.8 (and 2.6.32 on RHEL/CentOS)

Pages

Recent Posts

Tags