Local Linux root exploit 2.6.37 to 3.8.8


ricardo.durao
15-05-13, 16:09
A root exploit has just been published.

While we have not been able to exploit this vulnerability
on a GRSEC kernel, it could cause servers to crash under certain conditions.

We released the 3.8.13 kernel today.
All OVH kernel distributions are now delivered
with the latest Linux kernel.

If your server uses NetBoot, you can simply reboot it.
If not, you can install the new kernel manually by clicking here:

[GRS] ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-grs-ipv6-64
[STD] ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-std-ipv6-64

Or for VMs:
[GRS] ftp://ftp.ovh.net/made-in-ovh/bzImag...ps-grs-ipv6-64
[STD] ftp://ftp.ovh.net/made-in-ovh/bzImag...ps-std-ipv6-64

In addition to fixing this loophole, the new kernel also brings improved performance,
especially for the network.

Redhat RHEL 6.0 (but not 5.0) has also been affected:
https://bugzilla.redhat.com/show_bug.cgi?id=962792

Almost all distributions' kernels are vulnerable.


*** Mitigation ***

The exploit is no longer functional after changing the kernel.perf_event_paranoid parameter:
# sysctl kernel.perf_event_paranoid=2

However, this does not correct the underlying vulnerability, thus
rebooting the server onto the new kernel ASAP is highly recommended.
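Added example, not part of ricardo.durao's post or of OVH's kernel tooling: a small POSIX sh check that a defender can run on a fleet to see whether a host is still exposed. It takes the affected version range from the thread title (2.6.37 to 3.8.8) and the mitigation threshold from the post (kernel.perf_event_paranoid set to 2); the function names (version_key, kernel_in_range, mitigated, assess) and the version-string parsing are my own assumptions about how to operationalise that advice, and the exact vulnerable range should be cross-checked against your vendor's advisory.

```shell
#!/bin/sh
# Added defender-side check (not from the OVH post). Reports whether a kernel
# version is inside the range the thread names (2.6.37 .. 3.8.8) and whether
# the kernel.perf_event_paranoid=2 workaround from the post is in place.
# Assumption: a version string like "3.8.13-xxxx-grs-ipv6-64" can be reduced to
# its leading major.minor.patch numbers.

# version_key 3.8.13-xxxx-grs-ipv6-64 -> 3008013 (major*1000000 + minor*1000 + patch)
version_key() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # drop "-grs-ipv6-64" style suffixes
    [ -n "$v" ] || v=0                              # unparseable input sorts below the range
    major=${v%%.*}
    rest=${v#*.}
    if [ "$rest" = "$v" ]; then
        minor=0; patch=0                            # bare "3"
    else
        minor=${rest%%.*}
        rest2=${rest#*.}
        if [ "$rest2" = "$rest" ]; then patch=0; else patch=${rest2%%.*}; fi
    fi
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# kernel_in_range VERSION: exit status 0 if 2.6.37 <= VERSION <= 3.8.8
kernel_in_range() {
    k=$(version_key "$1")
    [ "$k" -ge 2006037 ] && [ "$k" -le 3008008 ]
}

# mitigated VALUE: exit status 0 if perf_event_paranoid is >= 2 (the value the post sets)
mitigated() {
    case "$1" in
        ''|*[!0-9-]*) return 1 ;;                   # unreadable / non-numeric: assume not mitigated
    esac
    [ "$1" -ge 2 ]
}

# assess VERSION PARANOID: prints a verdict; exit status 0 when no action is needed,
# 1 when the host should be rebooted onto a fixed kernel (with or without the sysctl applied)
assess() {
    if ! kernel_in_range "$1"; then
        echo "kernel $1 is outside the affected range: no action needed"
        return 0
    fi
    if mitigated "$2"; then
        echo "kernel $1 affected, perf_event_paranoid=$2: workaround active, still reboot onto a fixed kernel"
        return 1
    fi
    echo "kernel $1 affected, perf_event_paranoid=$2: run 'sysctl kernel.perf_event_paranoid=2' now and reboot onto a fixed kernel"
    return 1
}

# Stand-alone run: inspect the live system (falls back to "unknown" where unreadable).
running=$(uname -r 2>/dev/null || echo unknown)
paranoid=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null || echo unknown)
assess "$running" "$paranoid" || true
```

Note that the sysctl value does not survive a reboot unless it is also written to /etc/sysctl.conf or a file under /etc/sysctl.d, and that, as the post says, it only blocks this exploit rather than fixing the kernel, so the script deliberately still reports an affected kernel as needing a reboot even when the workaround is active.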