Started by Kailash, May 14, 2014, 11:05:40 PM
QuoteA race condition in pty (pseudo terminal) write buffer handling could be used by local attackers to corrupt kernel memory and so cause a system crash or potentially code execution.
QuoteJiri thinks:Introduced by d945cb9cce20ac7143c2de8d88b187f62db99bdc (pty: Rework the ptylayer to use the normal buffering logic) in 2.6.31-rc3. Until then, ptywas writing directly to a line discipline without using buffers.So 2.6.31 - 3.15rcX
QuoteStatement:This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.
QuoteSynopsis: Early update for local privilege escalation in TTY driver:CVE-2014-0196We felt that it's important for us to ship this update early, beforedistributions released kernels that fix the problem, because our auditshowed that we have a large number of customers affected by the CVE.DESCRIPTION* CVE-2014-0196: Pseudo TTY device write buffer handling race.A race in how the pseudo ttyp (pty) device handled device writes whentwo threads/processes wrote to the same pty, the buffer end could beoverwritten. An attacker could use this to cause a denial-of-service orgain root privileges.INSTALLING THE UPDATESOn systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,these updates will be installed automatically and you do not need totake any action.Alternatively, you can install these updates by running:# /usr/sbin/uptrack-upgrade -y