19 Sep 2010

Ksplice Provides Patch for Linux Kernel Exploit CVE-2010-3081 

By - Security No Comments

It has been mentioned in many places on the web, that a vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges.

The folks over at Ksplice have put together a patch that fixes this vulnerability, and a tool to check if your system has been compromised. More detail is available on the Ksplice Blog.

RedHat / CentOS

You can read the Redhat Bugzilla info associated with CVE-2010-3081 here: https://bugzilla.redhat.com/show_bug.cgi?id=634457.

Details from the bug report
The Red Hat Enterprise Linux 4 kernel is not affected by the publicly circulated exploit, but we plan to backport the missing compat_alloc_user_space() sanity checks in the future Red Hat Enterprise Linux 4 update.

This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0704 https://rhn.redhat.com/errata/RHSA-2010-0704.html

Fedora CVE-2010-3081

The following link has information related to Fedora 12/13/14: https://admin.fedoraproject.org/updates/search/CVE-2010-3081

Ubuntu

You can read the Ubuntu Security Notice here: http://www.ubuntu.com/usn/usn-988-1
USN-988-1: Linux kernel vulnerabilities
===========================================================
Ubuntu Security Notice USN-988-1 September 17, 2010
linux, linux-source-2.6.15 vulnerabilities
CVE-2010-3081, CVE-2010-3301
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

Amazon Web Services

Amazon Web Services (AWS CVE-2010-3081) has additional detail on their security bulletins page
Amazon Linux AMI Security Advisory: ALAS-2010-1 Advisory Release Date: September 17, 2010 References: CVE-2010-3081, CVE-2010-3301 Severity: Important

Further details

Further details about the exploit here: http://seclists.org/fulldisclosure/2010/Sep/268.
And more about the vulnerability description here: http://sota.gen.nz/compat1/.

If you are a customer of MNX Solutions and your systems support Ksplice, we have already patched your server. All systems enrolled in our Linux Server Management solution include KSplice at no additional charge. If you have any questions about your server status, please open a support case.

KSplice reacted very quickly to this situation, and is continuing to prove to it’s customers that it is a great solution for reasons just like this!

Stop worrying about server patches

Click here for additional detail or request a proposal so you can start focusing on growing your business, rather than supporting your servers.

No Responses to “Ksplice Provides Patch for Linux Kernel Exploit CVE-2010-3081”

Leave a Reply