Ksplice Provides Patch for Linux Kernel Exploit CVE-2010-3081
It has been mentioned in many places on the web, that a vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges.
The folks over at Ksplice have put together a patch that fixes this vulnerability, and a tool to check if your system has been compromised. More detail is available on the Ksplice Blog.
RedHat / CentOS
You can read the Redhat Bugzilla info associated with CVE-2010-3081 here: https://bugzilla.redhat.com/show_bug.cgi?id=634457.
Details from the bug report
The Red Hat Enterprise Linux 4 kernel is not affected by the publicly circulated exploit, but we plan to backport the missing compat_alloc_user_space() sanity checks in the future Red Hat Enterprise Linux 4 update.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0704 https://rhn.redhat.com/errata/RHSA-2010-0704.html
Fedora CVE-2010-3081
The following link has information related to Fedora 12/13/14: https://admin.fedoraproject.org/updates/search/CVE-2010-3081
Ubuntu
You can read the Ubuntu Security Notice here: http://www.ubuntu.com/usn/usn-988-1
USN-988-1: Linux kernel vulnerabilities
===========================================================
Ubuntu Security Notice USN-988-1 September 17, 2010
linux, linux-source-2.6.15 vulnerabilities
CVE-2010-3081, CVE-2010-3301
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
Amazon Web Services
Amazon Web Services (AWS CVE-2010-3081) has additional detail on their security bulletins page
Amazon Linux AMI Security Advisory: ALAS-2010-1 Advisory Release Date: September 17, 2010 References: CVE-2010-3081, CVE-2010-3301 Severity: Important
Further details
Further details about the exploit here: http://seclists.org/fulldisclosure/2010/Sep/268.
And more about the vulnerability description here: http://sota.gen.nz/compat1/.
If you are a customer of MNX Solutions and your systems support Ksplice, we have already patched your server. All systems enrolled in our Linux Server Management solution include KSplice at no additional charge. If you have any questions about your server status, please open a support case.
KSplice reacted very quickly to this situation, and is continuing to prove to it’s customers that it is a great solution for reasons just like this!
Stop worrying about server patches
Click here for additional detail or request a proposal so you can start focusing on growing your business, rather than supporting your servers.
