EGI CSIRT ADVISORY [EGI-ADV-20100916]
Title: CRITICAL Kernel Vulnerability: 64-bit Compatibility Mode Stack Pointer Corruption
Date: September 16, 2010
A vulnerability in the 32-bit compatibility layer for 64-bit systems has
been reported. It is caused by insecure allocation of user space memory
when translating system call inputs to 64-bit. A stack pointer corruption
can occur when using the "compat_alloc_user_space" method with an
arbitrary length input. This vulnerability has been labeled
A local root exploit for this issue is publicly available, and has
been verified to work on at least RHEL/CentOS/SLC 5 systems. It is
likely that the vulnerability is also present on other distributions,
even if this particular exploit doesn't work on them.
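
The missing length check described above, as a simplified user-space model (an added example, not kernel code and not part of the original advisory). It assumes the helper carves scratch space directly below the 32-bit task's stack pointer; the function names, the address limit and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constant for this model: top of the user address range. */
#define MODEL_USER_LIMIT 0x00007ffffffff000ULL

/* Returns 1 if [ptr, ptr+len) lies inside the modelled user range. */
static int model_in_user_range(uint64_t ptr, uint64_t len)
{
    return ptr <= MODEL_USER_LIMIT && len <= MODEL_USER_LIMIT - ptr;
}

/* Flawed pattern: space is taken below the stack pointer and the
 * caller-supplied length is never validated. */
static uint64_t model_alloc_unchecked(uint64_t user_sp, uint64_t len)
{
    return user_sp - len;        /* wraps modulo 2^64 when len > user_sp */
}

/* Hardened pattern: refuse (return 0) unless the whole range is valid. */
static uint64_t model_alloc_checked(uint64_t user_sp, uint64_t len)
{
    if (len > user_sp)
        return 0;                /* subtraction would wrap */
    uint64_t ptr = user_sp - len;
    return model_in_user_range(ptr, len) ? ptr : 0;
}

int main(void)
{
    const uint64_t sp = 0xffffd000ULL;              /* constructed 32-bit stack pointer */
    const uint64_t lens[] = { 0x1000ULL, 0x100000000ULL };

    for (int i = 0; i < 2; i++) {
        uint64_t bad  = model_alloc_unchecked(sp, lens[i]);
        uint64_t good = model_alloc_checked(sp, lens[i]);
        printf("len=%#llx unchecked=%#llx (in user range: %d) checked=%#llx\n",
               (unsigned long long)lens[i], (unsigned long long)bad,
               model_in_user_range(bad, lens[i]), (unsigned long long)good);
    }
    return 0;
}
```

With the oversized length, the unchecked result lands outside the modelled user range, while the checked variant returns 0 so the caller can fail the system call.
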
EGI CSIRT has classified this as a critical vulnerability, and all sites
should update their 64-bit machines in the EGI infrastructure as soon as
vendor kernel updates are published and available.
A kernel update for SLC5 x86_64 is expected within a few hours.
EGI CSIRT will not issue any recommendation on whether to drain queues and
disable logins pending a kernel update; we defer to local site policy in
WLCG management is aware of the issue and will accept essential and related
unscheduled downtime incurred while handling CVE-2010-3081.
This problem was reported on 2010-09-16 by Ben Hawkes:
Red Hat has acknowledged the problem:
A working local root exploit has been published on the Full Disclosure