Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: CVE-2013-2094: Linux privilege escalation SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CVE-2013-2094: Linux privilege escalation

A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32.

Impact is local privilege escalation, and exploit code is readily available.

More information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094

Hat tip: James for sending us some pointers to this.

--
Swa Frantzen -- Section 66

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!