Kernel privilege escalation flaw (and fixes)
+++ This is a shout out to all you sysadmins and paranoid types +++
There is a flaw in certain kernels that would pose a serious security risk that local users could leverage. It is described at IDG/PCWorld:
Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge | PCWorld Business Center
and The H:
Linux root exploit due to memory access - Update 2 - The H Open Source: News and Features
Red Hat has a KB article here:
which describes how it affects RHEL 6 (but not 4/5) and interim solutions you can take, if you can't get the kernel patch.
The exploit below takes advantage of the flaw:
CVE-2012-0056 - Mempodipper, a linux local root exploit.
I have confirmed that the exploit works (allows a non-root user to spawn a root shell) on:
- Red Hat 6 / kernel 2.6.32-220.el6.x86_64
- Fedora 16 / kernel 3.1.6-1.fc16.i686.PAE
It is trivial to test the exploit: a simple wget, gcc, and ./ and you'll know where you stand. I recommend it.
I updated the Fedora box to the latest kernel in the Fedora 16 updates repo (3.2.1-3) which includes the patch to fix this, rebooted, and yes, the exploit is foiled.
I updated the RHEL box to the kernel listed in their KB (2.6.32-220.4.1) and it also fixed the problem. (Well, technically, I used the RPM from the CentOS updates repo b/c I don't have an RHN, but it's good to know that I could do that.)
Apparently Canonical/Ubuntu and Arch have released patched kernels, too. Or you could just grab Linus's kernel patch and apply it to the kernel source and recompile, if that's how you roll.
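As an added example (my own script, not code from the post or from any vendor), here is a small shell check that compares a kernel version string against the fixed versions the post names for RHEL 6 (2.6.32-220.4.1) and Fedora 16 (3.2.1-3), so hosts can be triaged by version alone. The function names `kver_ge` and `check_kernel`, the dist-tag stripping convention, and the two baselines are assumptions; kernels from other distributions get no verdict here.

```shell
#!/bin/sh
# Added example, not from the original post: triage a kernel by version
# against the fixed versions named above (RHEL 6: 2.6.32-220.4.1,
# Fedora 16: 3.2.1-3) without running any exploit code.

# kver_ge A B: exit 0 if kernel version A >= B, 1 otherwise.
# Assumed convention: strip the dist/arch tag (.el6..., .fc16...), then
# compare numeric fields left to right; missing trailing fields count
# as 0, so 2.6.32-220 < 2.6.32-220.4.1.
kver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/\.(el|fc)[0-9].*$/, "", a); sub(/\.(el|fc)[0-9].*$/, "", b)
        n = split(a, x, "[^0-9]+"); m = split(b, y, "[^0-9]+")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# check_kernel VERSION: choose the baseline from the dist tag. Returns 0 if
# at/above the fix, 1 if below, 2 if no baseline is known here (distros
# backport fixes, so do not compare against upstream version numbers).
check_kernel() {
    kver="$1"
    case "$kver" in
        *.el6.*|*.el6)   base="2.6.32-220.4.1.el6" ;;
        *.fc16.*|*.fc16) base="3.2.1-3.fc16" ;;
        *) echo "$kver: no baseline known here, check your vendor's advisory"; return 2 ;;
    esac
    if kver_ge "$kver" "$base"; then
        echo "$kver: at or above $base, fix for CVE-2012-0056 present"
        return 0
    fi
    echo "$kver: below $base, treat as vulnerable to CVE-2012-0056 and patch"
    return 1
}

# With an argument, check it ("self" = the running kernel); with none, the
# file only defines the functions so it can be sourced by other scripts.
case "${1:-}" in
    "")   ;;
    self) check_kernel "$(uname -r)" ;;
    *)    check_kernel "$1" ;;
esac
```

A version match only tells you the fixed package is installed, not that the box was rebooted into it; the post's own reboot-then-retest step is still the real confirmation.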