CVE-2014-0196 kernel: pty layer race condition leading to memory corruption

CVE-2014-0196 kernel: memory corruption

A race condition in pty (pseudo terminal) write buffer handling could be used by local attackers to corrupt kernel memory which can result into a system crash or potentially code execution. The public available exploit is for SuSE and Gentoo, but it is believed that the exploit will work with some modification on CentOS 6 / RHEL 6.

WHMCS Complete Billing and Support

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.

There is an ongoing thread at WebHostingTalk for this discussion:

http://www.webhostingtalk.com/showthread.php?t=1374900

Posted in Security.