CVE 2013-1763 - Linux Kernel local root exploit

Postby zazlox » 18. May 2013, 00:09

Hello everybody,

I read lately about a local exploit for the Linux kernel, CVE 2013-1763:

http://www.h-online.com/security/news/i ... 63892.html


They say that the bug affects:

The bug affects any kernel version between 2.6.37 and 3.8.9 that was compiled using the PERF_EVENTS option; apparently, this is the case with many distributions. Which exact distributions are affected will hopefully soon become clear when the relevant security


As my Salix OS system is right now on:

zaz[~]$ uname -r
3.2.29-smp
zaz[~]$




So my question (as a noob and a beginner in this world): are we safe ???

anything to do ? updates ? upgrades ?
The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong One. 'Do it yourself'. Yes, that's it.

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby gapan » 18. May 2013, 16:26

zazlox wrote: are we safe ???

No.

zazlox wrote: anything to do ? updates ? upgrades ?

Other than building your own updated kernel (which isn't that hard, there should be a page in the wiki), you can wait for Pat Volkerding to update the kernel in slackware (when and if that happens).

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby GJones » 21. May 2013, 04:08

You could try the GrSecurity kernel patchset, which does things to mitigate the impact of such kernel holes. It also comes with a MAC system, but doesn't have to be used with that. Note that if you go with GrSec, you might want to disable mprotect() restriction under PaX options, because that will make Firefox and Opera not work at all.

Otherwise I don't think much can be done to prevent kernel exploits. You could enable stack smashing protection at compile time maybe, not sure how much that's worth? Also make sure vm.mmap_min_addr is set to a reasonable value (65536 should do it on x86), and that address space layout randomization is not disabled (or that kernel.randomize_va_space is set to 2). ASLR can protect you from certain userspace exploits, and is NOT fully enabled by default on Salix for some reason.

That said, if you really think there's a danger of getting compromised, you might be better served by a distro that GPG-signs its packages and issues regular kernel updates.

P.S. Use Noscript. Or at least enable click-to-play for all plugins, and disable Java plugin if possible. At the moment the main use of Java applets seems to be in writing cross-platform malware installers. Worse, most Java exploits are IIRC due to design flaws, not memory management issues, so GrSecurity and such will NOT protect from them. (Not without the MAC part anyway.)
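
Added example, not part of any post in this thread: a small shell triage that compares the running kernel against the version range quoted in the first post and checks the two sysctl values suggested in the reply above. The function names are made up for this sketch, and the fallback sysctl values are constructed sample input.

```shell
#!/bin/sh
# Triage sketch built only from values quoted in this thread.
# A version inside the range is a prompt to look for a vendor update,
# not proof of exposure: distributions may ship a patched kernel.

# Turn "3.2.29-smp" into a comparable integer (3002029).
kver_num() (
    v=${1%%[!0-9.]*}            # drop a suffix such as "-smp"
    IFS=.; set -- $v            # split on dots (subshell body keeps IFS local)
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

# True (0) if the version lies in the range quoted in the first post.
in_quoted_range() {
    n=$(kver_num "$1")
    [ "$n" -ge "$(kver_num 2.6.37)" ] && [ "$n" -le "$(kver_num 3.8.9)" ]
}

# True (0) if both sysctl values match the suggestions in the reply above.
# $1 = vm.mmap_min_addr, $2 = kernel.randomize_va_space
sysctl_ok() {
    [ "$1" -ge 65536 ] && [ "$2" -eq 2 ]
}

# $1 = uname -r output, $2 = mmap_min_addr, $3 = randomize_va_space
report() {
    if in_quoted_range "$1"; then
        echo "kernel $1: inside the quoted range, look for a vendor kernel update"
    else
        echo "kernel $1: outside the quoted range"
    fi
    if sysctl_ok "$2" "$3"; then
        echo "sysctl: matches the suggested values"
    else
        echo "sysctl: mmap_min_addr=$2 randomize_va_space=$3, review these"
    fi
}

# Live values; constructed sample values are used if /proc is not readable.
mma=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null) || mma=4096
rva=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null) || rva=1
report "$(uname -r)" "$mma" "$rva"
```

Values set with sysctl -w last only until reboot; to keep them, add the two keys to /etc/sysctl.conf.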

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby GJones » 21. May 2013, 14:25

FWIW the Slackware team just issued a kernel update, which should work on Salix too. It seems that Slackware does in fact issue kernel updates sometimes. :) Not bad.

Edit: for the record, slapt-get withholds kernel updates by default, so those who update will have to slapt-get -i the specific packages.

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby mimosa » 21. May 2013, 20:45

Edit: for the record, slapt-get withholds kernel updates by default, so those who update will have to slapt-get -i the specific packages.


There are one or two other things you'd need to do too, which is why those packages are excluded. Anyone who is unsure should look into the process carefully first, otherwise you will end up with a crippled system.

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby GJones » 21. May 2013, 21:24

Umm yeah, you have to run LILO afterwards. Sorry I didn't mention that. :o

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby mimosa » 21. May 2013, 22:03

It's a kernel upgrade, and so only for those who know what they're doing. Quite what might be involved depends on each user's situation and knowledge. For the record: if in doubt, it's probably not worth it.

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby gaucho » 22. May 2013, 02:47

Hi, mimosa,

Thank you for the explanation. :) Those packages appeared as "Upgradeable" today, and I was wondering why ... When I noticed that they were all kernel-related and were excluded (displaying with the padlock icon), I backed off and decided I should do some more research before proceeding.

I'm willing to take the small risk of an exploit and leave things as they are.
Registered Linux User # 442201

AMD Athlon II X2 240 (Regor) 2.8 GHz, 4 GB RAM, Seagate Barracuda 320 GB HD, Nvidia GeForce 6150SE nForce 430 integrated GPU, Samsung SH-S222L DVD-RW

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby mimosa » 22. May 2013, 06:55

I think GJones is probably right that the only concern is Lilo. If you have a multi-boot setup, though, depending on what else is on the machine (in particular, anything using a kernel other than the new Slackware 14.0 one), a bit of tinkering might be needed first; and the forum is full of posts from users who came unstuck in such situations. I don't know about grub.

If it was me though, I'd check carefully first that there is indeed nothing else to worry about apart from the bootloader. I'm scratching my head and wondering how all those packages in the repos that were built against the old kernel will run under the new one. Perhaps it's a patched version of the same kernel (same version number)?

I should say I'm not running Salix 14.0 (I used Slackel rather than upgrading the kernel to cope with some unsupported hardware) which is why I'm not being more specific!

Re: CVE 2013-1763 - Linux Kernel local root exploit

Postby laprjns » 22. May 2013, 10:01

mimosa wrote: I think GJones is probably right that the only concern is Lilo.
Depending on what you have installed on your system you may also have to rebuild kernel modules like nVidia proprietary and Virtualbox drivers. So don't forget to install the kernel source for the new kernel.
