
CVE-2014-0196: kernel: memory corruption via a race in pty write handling

Started by Kailash, May 14, 2014, 11:05:40 PM



Quote:
A race condition in pty (pseudo terminal) write buffer handling could be used by local attackers to corrupt kernel memory and so cause a system crash or potentially code execution.

Quote:
Jiri thinks:

Introduced by d945cb9cce20ac7143c2de8d88b187f62db99bdc (pty: Rework the pty
layer to use the normal buffering logic) in 2.6.31-rc3. Until then, pty
was writing directly to a line discipline without using buffers.

So 2.6.31 - 3.15rcX



This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.

Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.




Ksplice just released an update:

Quote:
Synopsis: Early update for local privilege escalation in TTY driver:

We felt that it's important for us to ship this update early, before
distributions released kernels that fix the problem, because our audit
showed that we have a large number of customers affected by the CVE.


* CVE-2014-0196: Pseudo TTY device write buffer handling race.

A race in how the pseudo ttyp (pty) device handled device writes when
two threads/processes wrote to the same pty, the buffer end could be
overwritten. An attacker could use this to cause a denial-of-service or
gain root privileges.


On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
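
A triage sketch for the details quoted in this thread, added here as an example and not part of the original post, the Red Hat text or the Ksplice advisory: it checks whether a `uname -r` string falls in the quoted 2.6.31 to 3.15-rcX range and whether the quoted `autoinstall = yes` setting is present. The function names are hypothetical, and the way the config line is matched is an assumption about the file's format.

```shell
#!/bin/sh
# Added example: local triage for CVE-2014-0196 from the details quoted above.

# in_affected_range RELEASE -> exit 0 if the upstream base version of RELEASE
# (a `uname -r` string) lies in the quoted range 2.6.31 .. 3.15-rcX.
# Vendors backport fixes without changing the base version, so a match means
# "confirm against the vendor advisory", not "proven vulnerable".
in_affected_range() {
    release=$1
    base=${release%%[!0-9.]*}        # "2.6.32-431.el6" -> "2.6.32"
    old_ifs=$IFS; IFS=.
    set -- $base                     # split into major / minor / patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -eq 2 ]; then
        [ "$minor" -eq 6 ] && [ "$patch" -ge 31 ]
    elif [ "$major" -eq 3 ] && [ "$minor" -lt 15 ]; then
        return 0
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 15 ]; then
        # Only the 3.15 release candidates are in the quoted range.
        case $release in *-rc*) return 0 ;; *) return 1 ;; esac
    else
        return 1
    fi
}

# uptrack_autoinstall_enabled [CONF] -> exit 0 if CONF has an uncommented
# "autoinstall = yes" line (default path is the one named in the quote).
uptrack_autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] &&
        grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Report on the running kernel.
triage() {
    release=$(uname -r)
    if ! in_affected_range "$release"; then
        echo "$release: base version is outside the 2.6.31 - 3.15-rc range"
    elif uptrack_autoinstall_enabled; then
        echo "$release: in range; Ksplice autoinstall is enabled"
    else
        echo "$release: in range; check the vendor advisory or run uptrack-upgrade"
    fi
}
triage
```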

