A new series of vulnerabilities in Linux Kernel allows an attacker to lead DoS and privilege escalation attack, Debian urges upgrades for Linux users.
Numerous security flaws have been discovered and fixed in the Linux kernel, patch management for these vulnerabilities is critical to avoid that attackers could have led to a denial of service or privilege escalation.
Debian yesterday issued a new security update to warn its Linux users about the presence of new vulnerabilities that could be exploited for the above reasons. The vulnerabilities are
CVE-2014-3144 CVE-2014-3145 CVE-2014-3153
The first two flaws could lead DoS via crafted BPF instructions while the third one could be exploited to crash the kernel or for privilege escalation.
CVE-2014-3144 / CVE-2014-3145
A local user can cause a denial of service (system crash) via crafted BPF instructions.
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
The above flaw was reported by Pinkie Pie, the anonymous hacker who discovered the sandbox escape against Chrome in 2012.
The futux mechanism, available within most Linux sandboxes, is a “fast, lightweight kernel-assisted locking primitive for user-space applications.”, a local user through its system calls could gain ring 0 control.
Due to the large diffusion of futux mechanism, the fix for the vulnerability CVE-2014-3153 is considered critical.
“The futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” wrote Kees Cook, a ChromeOS security researcher and former Ubuntu Security Engineer.
Debian and all Linux users are invited to upgrade their packages, be aware that the patches for unstable version will be soon available, meantime version 3.2.57-3+deb7u2 have been already fixed.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.