EGI CSIRT:Alerts/kernel-2010-09-16
Jump to navigation
Jump to search
EGI CSIRT ADVISORY [EGI-ADV-20100916] Title: CRITICAL Kernel Vulnerability: 64-bit Compatibility Mode Stack Pointer Corruption Date: September 16, 2010 URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/kernel-2010-09-16 Background ========== A vulnerability in the 32-bit compatibility layer for 64-bit systems has been reported. It is caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer corruption can occur when using the "compat_alloc_user_space" method with an arbitrary length input. This vulnerability has been labeled CVE-2010-3081. A local root exploit for this issue is publically available, and has been verified to work on at least RHEL/CentOS/SLC 5 systems. It is likely that the vulnerability is present also on other distributions, even if this particular exploit doesn't work on them. Recommendations =============== EGI CSIRT has classified this as a critical vulnerability, and all sites should update their 64-bit machines in the EGI infrastructure as soon as vendor kernel updates are published and available. A kernel update for SLC5 x86_64 is expected within a few hours. EGI CSIRT will not issue any recommendation whether to drain queues and disable logins pending a kernel update; we defer to local site policy in this matter. WLCG management is aware of the issue and will accept essential and related unscheduled downtime incurred while handling CVE-2010-3081. References ========== This problem was reported on 2010-09-16 by Ben Hawkes: http://sota.gen.nz/compat1/ http://seclists.org/oss-sec/2010/q3/370 RedHat is recognizing the problem: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081 A working local root exploit has been published on the Full Disclosure mailing list: http://seclists.org/fulldisclosure/2010/Sep/268