CVE 2013-1763 - Linux Kernel local root exploit

zazlox
Posts: 39
Joined: 19. Jun 2012, 02:24
Location: Morocco

CVE 2013-1763 - Linux Kernel local root exploit

Post by zazlox »

Hello everybody,


I read lately about an exploit for the local Linux kernel, CVE 2013-1763:

http://www.h-online.com/security/news/i ... 63892.html


They say that the bug affects:

The bug affects any kernel version between 2.6.37 and 3.8.9 that was compiled using the PERF_EVENTS option; apparently, this is the case with many distributions. Which exact distributions are affected will hopefully soon become clear when the relevant security


As my system, Salix OS, right now is on:

Code:

zaz[~]$ uname -r
3.2.29-smp
zaz[~]$ 


So my question (as a noob and a beginner in this world): are we safe???

Anything to do? Updates? Upgrades?
The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong One. 'Do it yourself'. Yes, that's it.
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by gapan »

zazlox wrote: are we safe ???
No.
zazlox wrote: anything to do ? updates ? upgrades ?
Other than building your own updated kernel (which isn't that hard, there should be a page in the wiki), you can wait for Pat Volkerding to update the kernel in Slackware (when and if that happens).
GJones
Donor
Posts: 300
Joined: 22. Jul 2011, 23:27

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by GJones »

You could try the GrSecurity kernel patchset, which does things to mitigate the impact of such kernel holes. It also comes with a MAC system, but doesn't have to be used with that. Note that if you go with GrSec, you might want to disable mprotect() restriction under PaX options, because that will make Firefox and Opera not work at all.

Otherwise I don't think much can be done to prevent kernel exploits. You could enable stack smashing protection at compile time maybe, not sure how much that's worth? Also make sure vm.mmap_min_addr is set to a reasonable value (65536 should do it on x86), and that address space layout randomization is not disabled (or that kernel.randomize_va_space is set to 2). ASLR can protect you from certain userspace exploits, and is NOT fully enabled by default on Salix for some reason.

That said, if you really think there's a danger of getting compromised, you might be better served by a distro that GPG-signs its packages and issues regular kernel updates.

P.S. Use Noscript. Or at least enable click-to-play for all plugins, and disable Java plugin if possible. At the moment the main use of Java applets seems to be in writing cross-platform malware installers. Worse, most Java exploits are IIRC due to design flaws, not memory management issues, so GrSecurity and such will NOT protect from them. (Not without the MAC part anyway.)
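
The checks discussed in the thread up to this point (the kernel range quoted in the first post and the two sysctls GJones names), as an added shell example that is not part of any post. The function names are hypothetical, and the range is taken as quoted and compared by version string only:

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# ver_to_int "3.2.29-smp" prints 3002029 so releases compare as integers.
ver_to_int() {
    v=${1%%[!0-9.]*}                 # drop local suffixes such as "-smp"
    old_ifs=$IFS; IFS=.
    set -- $v                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds when the release is inside the range quoted in the first post.
in_reported_range() {
    n=$(ver_to_int "$1")
    [ "$n" -ge "$(ver_to_int 2.6.37)" ] && [ "$n" -le "$(ver_to_int 3.8.9)" ]
}

# check_sysctl NAME VALUE: 0 = meets the advice, 1 = weaker, 2 = unknown key.
check_sysctl() {
    case $1 in
        vm.mmap_min_addr)          [ "$2" -ge 65536 ] 2>/dev/null || return 1 ;;
        kernel.randomize_va_space) [ "$2" -eq 2 ] 2>/dev/null || return 1 ;;
        *) return 2 ;;
    esac
}

# Report on the running system; reads only uname and /proc/sys.
audit() {
    rel=$(uname -r)
    if in_reported_range "$rel"; then
        echo "kernel $rel: inside the reported range, check for an update"
    else
        echo "kernel $rel: outside the reported range"
    fi
    for key in vm.mmap_min_addr kernel.randomize_va_space; do
        path=/proc/sys/$(echo "$key" | tr . /)
        if [ ! -r "$path" ]; then echo "$key: not readable"; continue; fi
        val=$(cat "$path")
        if check_sysctl "$key" "$val"; then
            echo "$key = $val: ok"
        else
            echo "$key = $val: weaker than advised"
        fi
    done
}

audit
```

A distribution kernel patched without a version bump still reports a release inside the range, so an in-range result is a prompt to check the vendor's advisory rather than proof of exposure.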
GJones
Donor
Posts: 300
Joined: 22. Jul 2011, 23:27

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by GJones »

FWIW the Slackware team just issued a kernel update, which should work on Salix too. It seems that Slackware does in fact issue kernel updates sometimes. :) Not bad.

Edit: for the record, slapt-get withholds kernel updates by default, so those who update will have to slapt-get -i the specific packages.
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by mimosa »

GJones wrote: Edit: for the record, slapt-get withholds kernel updates by default, so those who update will have to slapt-get -i the specific packages.
There are one or two other things you'd need to do too, which is why those packages are excluded. Anyone who is unsure should look into the process carefully first, otherwise you will end up with a crippled system.
GJones
Donor
Posts: 300
Joined: 22. Jul 2011, 23:27

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by GJones »

Umm yeah, you have to run LILO afterwards. Sorry I didn't mention that. :o
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by mimosa »

It's a kernel upgrade, and so only for those who know what they're doing. Quite what might be involved depends on each user's situation and knowledge. For the record: if in doubt, it's probably not worth it.
gaucho
Donor
Posts: 116
Joined: 23. Dec 2010, 19:12

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by gaucho »

Hi, mimosa,

Thank you for the explanation. :) Those packages appeared as "Upgradeable" today, and I was wondering why ... When I noticed that they were all kernel-related and were excluded (displaying with the padlock icon), I backed off and decided I should do some more research before proceeding.

I'm willing to take the small risk of an exploit and leave things as they are.
Registered Linux User # 442201

Dell Latitude E4300 laptop: Intel Core2 Duo P9400 CPU, 8 GB RAM, Samsung 850 EVO 250 GB SSD, Intel Wireless 7260
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by mimosa »

I think GJones is probably right that the only concern is Lilo. If you have a multi-boot setup, though, depending on what else is on the machine (in particular, anything using a kernel other than the new Slackware 14.0 one), a bit of tinkering might be needed first; and the forum is full of posts from users who came unstuck in such situations. I don't know about grub.

If it was me though, I'd check carefully first that there is indeed nothing else to worry about apart from the bootloader. I'm scratching my head and wondering how all those packages in the repos that were built against the old kernel will run under the new one. Perhaps it's a patched version of the same kernel (same version number)?

I should say I'm not running Salix 14.0 (I used Slackel rather than upgrading the kernel to cope with some unsupported hardware) which is why I'm not being more specific!
laprjns
Salix Warrior
Posts: 1105
Joined: 28. Aug 2009, 01:30
Location: Connecticut USA

Re: CVE 2013-1763 - Linux Kernel local root exploit

Post by laprjns »

mimosa wrote: I think GJones is probably right that the only concern is Lilo.
Depending on what you have installed on your system you may also have to rebuild kernel modules like nVidia proprietary and Virtualbox drivers. So don't forget to install the kernel source for the new kernel.
“Don’t you see that the whole aim of Newspeak is to narrow the range of thought?”