CVE-2014-0196 kernel: pty layer race condition leading to memory corruption

CVE-2014-0196 kernel: memory corruption

A race condition in pty (pseudo terminal) write buffer handling could be used by local attackers to corrupt kernel memory, which can result in a system crash or potentially code execution. The publicly available exploit is for SuSE and Gentoo, but it is believed that the exploit will work with some modification on CentOS 6 / RHEL 6.

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.

There is an ongoing thread at WebHostingTalk for this discussion:

https://www.webhostingtalk.com/showthread.php?t=1374900

This Post Has 2 Comments

  1. Kailash

    Ksplice just released an update:

    Synopsis: Early update for local privilege escalation in TTY driver: CVE-2014-0196

    We felt that it’s important for us to ship this update early, before distributions released kernels that fix the problem, because our audit showed that we have a large number of customers affected by the CVE.

    DESCRIPTION

    * CVE-2014-0196: Pseudo TTY device write buffer handling race.

    A race in how the pseudo ttyp (pty) device handled device writes when two threads/processes wrote to the same pty, the buffer end could be overwritten. An attacker could use this to cause a denial-of-service or gain root privileges.

    INSTALLING THE UPDATES

    On systems that have “autoinstall = yes” in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

    Alternatively, you can install these updates by running:

    # /usr/sbin/uptrack-upgrade -y
