Reference: CERT-EU Security Advisory 2013-0048
 
Title: Linux kernel Vulnerabilities
 
Version history:
22.05.2013 Initial publication

Summary
=======
A recently-discovered vulnerability in the Linux kernel allows a local user to escalate their privilege level and gain root access.  Working exploit code is publicly available. All relevant Linux distributions have already published an updated kernel which fixes this vulnerability.

An attacker can exploit this issue to execute arbitrary code with root privileges. Successful exploitation may result in the complete compromise of the affected computers.

CVE numbers:

CVE-2013-2094 7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) [1]

Vulnerable systems
==================

Linux kernels 2.6.36 through 3.8.8 (inclusive).
Linux kernels 2.6.32 with Red Hat backports.

Original Details
================
The performance measurement subsystem in the Linux kernel incorrectly casts a
64-bit integer into a 32-bit integer which is subsequently used for array
dereferencing.  Providing carefully chosen integers as input allows arbitrary
code to be executed.
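
An added example, not taken from the advisory or from the kernel source: a simplified userspace model in C of the flaw class described above, showing a bounds check done after narrowing to a signed 32-bit integer beside one done at full 64-bit width. The function names, table size and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 9 /* constructed table size for this model */

/* Flawed pattern: the 64-bit value is narrowed to a signed 32-bit integer
 * before the bounds check, and only the upper bound is tested.
 * Returns 1 if the check accepts; *idx gets the index that would be used. */
int check_narrowed(uint64_t config, int64_t *idx)
{
    int32_t id = (int32_t)(uint32_t)config; /* keeps the low 32 bits (gcc/clang wrap) */
    *idx = id;
    return id < TABLE_LEN; /* negative values pass this test */
}

/* Corrected pattern: compare at full unsigned width before any narrowing. */
int check_full_width(uint64_t config, int64_t *idx)
{
    if (config >= TABLE_LEN)
        return 0;
    *idx = (int64_t)config;
    return 1;
}

int main(void)
{
    /* Constructed inputs: one valid, one past the end, two that narrow to negatives. */
    const uint64_t samples[] = { 3, 9, 0xFFFFFFFFULL, 0x180000000ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t n = 0, f = 0;
        int ok_n = check_narrowed(samples[i], &n);
        int ok_f = check_full_width(samples[i], &f);
        printf("input 0x%llx: narrowed check %s (index %lld), full-width check %s\n",
               (unsigned long long)samples[i],
               ok_n ? "accepts" : "rejects", (long long)n,
               ok_f ? "accepts" : "rejects");
    }
    return 0;
}
```

The narrowed check accepts the last two inputs with a negative index, which would address memory before the start of the table; the full-width check rejects them.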

What can you do?
================
Patching is vendor dependent. The issue has been addressed by CentOS, Debian, Red Hat, Scientific Linux,
Scientific Linux/CERN and Ubuntu. Refer to your distribution's information channels in the "More information" section.


What to tell your users?
========================
N/A

More information
================

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094
[2] http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
[3] https://security-tracker.debian.org/tracker/CVE-2013-2094
[4] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2094
[5] https://rhn.redhat.com/errata/RHSA-2013-0830.html
[6] http://linux.web.cern.ch/linux/updates/updates-slc6.shtml
[7] http://people.canonical.com/~ubuntu-security/cve/CVE-2013-2094


CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
