A critical vulnerability in the Linux kernel was found by chance by a SUSE user who was running tests during training.
SUSE customer Ericsson reported a kernel crash which turned out to be a race condition in the PTY write buffer handling. When two processes/threads write to the same pty, the buffer end could be overwritten and so memory corruption into adjacent buffers could lead to crashes / code execution.
Red Hat/CentOS Statement
This issue does not affect the versions of the Linux kernel packages as shipped
with Red Hat Enterprise Linux 5.
This issue does affect the versions of the Linux kernel packages as shipped
with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2, and we
are currently working on corrected kernel packages.
This flaw requires shell access, and we are currently unaware of any working
exploits affecting Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.
On the 1st of May, a new vulnerability in the kernel of the free operating system was disclosed. It has been present since 2009 and could allow an attacker who exploits it correctly to gain "root" permissions, or to trigger a "kernel panic" as a DoS attack by writing beyond the limits of the allocated memory.
This newly discovered vulnerability affects all versions of the Linux kernel from version 2.6.31 (released in 2009) up to the current 3.14.3, as well as 3.15, which is still in development. The vulnerability, tracked as CVE-2014-0196, may allow an unprivileged user to corrupt system memory in order to gain administrator (root) privileges and perform almost any action on the affected system, or to corrupt memory as a DoS attack that crashes the machine.
Technically, the vulnerability is a buffer overflow that occurs when more than one write to a TTY happens at the same time. The function involved is n_tty_write(), a Linux kernel function: the overflowing write lands beyond the limits of the allocated memory, and from there an attacker can write to the memory region of their choice without limitation.
There is a CVE and a Bugzilla entry where Red Hat is working on resolving the issue; the fix will then be carried over to CentOS.
Red Hat users: An erratum that resolves the issue has been released for Red Hat 6.
CentOS users: A kernel patch that resolves the issue is available; there is no CentOS erratum at the moment.
As soon as the vulnerability fix is provided, the following steps are planned on the OnApp side:
- for affected Control Panel(s), perform the following:
# yum update kernel
- for affected static Backup Server(s), run the command:
# yum update kernel
- for affected static Hypervisors, proceed with the standard upgrade procedure using the installer, according to the instructions: https://docs.onapp.com/display/32GS/Upgrade+Static+Hypervisors
- for Cloudbooted backup servers and hypervisors, the IS package will be updated.
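A way to verify the result of `yum update kernel` on a Control Panel or static Backup Server, as an added example that is not part of the original article or OnApp's tooling: it checks whether the running kernel falls in the version range given above and whether the fix is actually booted. It assumes the vendor lists the CVE id in the kernel package changelog, as Red Hat changelogs normally do; the function names are hypothetical.

```sh
#!/bin/sh
# Added example. The version range and CVE id are taken from the article.
CVE_ID="CVE-2014-0196"
FIRST_AFFECTED="2.6.31"
LAST_AFFECTED="3.14.3"

# Turn "2.6.32-431.17.1.el6.x86_64" into a comparable integer (2006032).
kver_num() {
    base=${1%%-*}              # drop the distribution release suffix
    base=${base%%[!0-9.]*}     # drop trailing non-version characters
    old_ifs=$IFS; IFS=.
    set -- $base               # split into major, minor, patch
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds if the version is in the article's range or is a 3.15 development build.
in_affected_range() {
    case $1 in 3.15.0-rc*) return 0 ;; esac
    n=$(kver_num "$1")
    [ "$n" -ge "$(kver_num "$FIRST_AFFECTED")" ] &&
        [ "$n" -le "$(kver_num "$LAST_AFFECTED")" ]
}

# Reads an RPM changelog on stdin; succeeds if it mentions the CVE.
# Assumption: the vendor records the CVE id in the package changelog.
changelog_has_fix() { grep -q "$CVE_ID"; }

check_host() {
    running=$(uname -r)
    if ! in_affected_range "$running"; then
        echo "$running: outside the affected upstream range"; return 0
    fi
    if ! command -v rpm >/dev/null 2>&1; then
        echo "$running: in affected range, rpm not found, check manually"; return 2
    fi
    # A patched distribution kernel keeps its upstream version number,
    # so the changelog of the *running* package decides.
    if rpm -q --changelog "kernel-$running" 2>/dev/null | changelog_has_fix; then
        echo "$running: fix for $CVE_ID is in the running kernel"; return 0
    fi
    if rpm -q --changelog kernel 2>/dev/null | changelog_has_fix; then
        echo "$running: fixed kernel installed but not booted, reboot required"; return 1
    fi
    echo "$running: no installed kernel lists $CVE_ID, run: yum update kernel"; return 1
}

# Run the host check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

The updated kernel only takes effect after a reboot, which is why the running package is checked separately from the installed ones.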