Reference: CERT-EU Security Advisory 2013-0032

Title: Linux kernel stack corruption Vulnerability [1]

Version history:
05.04.2013 Initial publication

Summary
=======

A race condition in ptrace can lead to kernel stack corruption and arbitrary kernel-mode code execution. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploitation may result in the complete compromise of the affected computers. Note that local access is necessary to exploit this vulnerability.

CVE-2013-0871

CVSS v2 Base Score: 6.9 (MEDIUM) (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Vulnerable systems
==================

Linux kernel before 3.7.5

Original Details [2]
====================

putreg() assumes that the tracee is not running and pt_regs_access() can safely play with its stack. However a killed tracee can return from ptrace_stop() to the low-level asm code and do RESTORE_REST, this means that debugger can actually read/modify the kernel stack until the tracee does SAVE_REST again.

What can you do?
================

A fix is available from different vendors.

What to tell your users?
========================

N/A

More information
================

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0871
[2] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9899d11f654474d2d54ea52ceaa2a1f4db3abd68

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
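
A first-pass triage check for the "Linux kernel before 3.7.5" line under Vulnerable systems, as an added example that is not part of the CERT-EU advisory. Only the 3.7.5 threshold comes from the advisory; the function names are hypothetical, and because vendors ship fixes under their own version numbers, a "before" result means "confirm the vendor fix is installed", not proof of exposure.

```shell
#!/bin/sh
# First-pass triage for "Linux kernel before 3.7.5" (CVE-2013-0871).
# Only the threshold is from the advisory; function names are hypothetical.
FIXED_VERSION="3.7.5"

# Print "major minor patch" for a kernel release string such as
# "3.2.0-4-amd64" or "3.8-rc1"; return 1 if no numeric version leads it.
split_version() {
    base=${1%%[!0-9.]*}            # drop suffixes like "-4-amd64", "+", "-rc1"
    old_ifs=$IFS; IFS=.
    set -- $base                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    case "${1:-x}${2:-0}${3:-0}" in
        *[!0-9]*) return 1 ;;      # empty or non-numeric component
    esac
    echo "$1 ${2:-0} ${3:-0}"      # a missing component counts as 0
}

# kernel_predates_fix RELEASE: 0 = upstream version is before the fix,
# 1 = at or after it, 2 = release string could not be parsed.
kernel_predates_fix() {
    have=$(split_version "$1") || return 2
    want=$(split_version "$FIXED_VERSION") || return 2
    set -- $have $want             # $1..$3 = given release, $4..$6 = fixed
    [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return $?; }
    [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return $?; }
    [ "$3" -lt "$6" ]              # numeric compare, so 3.10 > 3.7
}

# Report on the running kernel. Distribution kernels may carry the fix under
# an older upstream number, so "before" is a prompt to check the vendor's
# advisory for the installed package, not a verdict.
release=$(uname -r)
rc=0; kernel_predates_fix "$release" || rc=$?
case $rc in
    0) echo "$release: before $FIXED_VERSION upstream; confirm the vendor fix is installed" ;;
    1) echo "$release: at or after $FIXED_VERSION by upstream numbering" ;;
    *) echo "$release: could not parse kernel release string" ;;
esac
```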