The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

cybersecurity vulnerability CVE-2013-0871

Linux kernel: privilege elevation via PTRACE_SETREGS

Synthesis of the vulnerability

A local attacker can create a program using ptrace() to alter the execution flow and elevate his privileges.
Severity of this alert: 2/4.
Creation date: 18/02/2013.
References of this alert: BID-57986, CERTA-2013-AVI-155, CERTA-2013-AVI-454, CVE-2013-0871, DSA-2632-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0925-1, openSUSE-SU-2013:0927-1, RHSA-2013:0567-01, RHSA-2013:0621-01, RHSA-2013:0622-01, RHSA-2013:0661-01, RHSA-2013:0662-01, RHSA-2013:0695-01, RHSA-2013:0741-01, SUSE-SU-2013:0341-1, SUSE-SU-2013:0674-1, SUSE-SU-2013:0786-1, VIGILANCE-VUL-12431, VMSA-2013-0009, VMSA-2013-0009.2.

Description of the vulnerability

The ptrace() system call traces and controls the execution of a process. The PTRACE_GETREGS and PTRACE_SETREGS requests read and change register values.

When a process receives the SIGKILL signal, it stops. However, if the tracer process alters registers with PTRACE_SETREGS while the schedule() function is running, the values popped from the stack contain an incorrect RIP (address of the next instruction).

A local attacker can therefore create a program using ptrace() to alter the execution flow and elevate his privileges.

This vulnerability impacts software or systems such as Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.

Our Vigil@nce team determined that the severity of this security announcement is medium.

The trust level is "confirmed by the vendor", and the attack origin is a user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat

Linux kernel: version 3.7.5.
Version 3.7.5 is fixed:
  http://www.kernel.org/pub/linux/kernel/v3.0/

Linux kernel: version 3.4.28.
Version 3.4.28 is fixed:
  http://www.kernel.org/pub/linux/kernel/v3.0/

Linux kernel: version 3.2.39.
Version 3.2.39 is fixed:
  http://www.kernel.org/pub/linux/kernel/v3.0/

Linux kernel: version 2.6.32.61.
Version 2.6.32.61 is fixed:
  https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/

Linux kernel: patch for PTRACE_SETREGS.
A patch is available in information sources.

Debian: new linux-2.6 packages.
New packages are available:
  linux-2.6 2.6.32-48squeeze1

openSUSE 11.4: new kernel-3.0.58 packages (10/06/2013).
New packages are available:
  kernel-3.0.58-30.2

openSUSE 11.4: new kernel-3.0.74 packages (10/06/2013).
New packages are available:
  kernel-3.0.74-34.1

openSUSE 12.1: new kernel packages.
New packages are available:
  kernel-3.1.10-1.19.1

RHEL 5.6: new kernel packages.
New packages are available:
  kernel-2.6.18-238.49.1.el5

RHEL 5: new kernel packages.
New packages are available:
  kernel-2.6.18-348.3.1.el5

RHEL 6.1: new kernel packages.
New packages are available:
  kernel-2.6.32-131.38.1.el6

RHEL 6.2: new kernel packages.
New packages are available:
  kernel-2.6.32-220.34.1.el6

RHEL 6.3: new kernel packages.
New packages are available:
  kernel-2.6.32-279.23.1.el6

RHEL 6 MRG: new kernel-rt packages.
New packages are available:
  kernel-rt-3.6.11-rt30.25.el6rt

RHEL 6: new kernel packages.
New packages are available:
  kernel-2.6.32-358.0.1.el6

SUSE LE 10: new kernel packages.
New packages are available:
  kernel-2.6.16.60-0.101.1

SUSE LE 11: new kernel packages.
New packages are available:
  kernel-3.0.58-0.6.6.1

SUSE LE Real Time: new kernel-rt packages.
New packages are available:
  kernel-rt-3.0.74.rt98-0.6.2.1

VMware ESX 4.0: patch ESX400-201310001.
A patch is available:
  ESX400-201310001.zip
  http://kb.vmware.com/kb/2059490

VMware ESX 4.1: patch ESX410-201307001.
A patch is available:
  http://kb.vmware.com/kb/2053393
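
As an added example (not part of the Vigil@nce bulletin), the following Python code compares a `uname -r` string with the upstream fixed releases listed above and reports whether that table can decide the host's status. The function names are hypothetical, and it assumes that a release suffix starting with `-<digit>` marks a distribution kernel, which must be checked against the vendor package versions above instead.

```python
import platform
import re

# Upstream releases that carry the fix, copied from the "Solutions" list
# above and keyed by stable branch.
FIXED_UPSTREAM = {
    (3, 7): (3, 7, 5),
    (3, 4): (3, 4, 28),
    (3, 2): (3, 2, 39),
    (2, 6, 32): (2, 6, 32, 61),
}


def parse_release(release):
    """Split a `uname -r` string into (numeric version tuple, suffix)."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def assess(release):
    """Return 'fixed', 'vulnerable' or 'unknown' for CVE-2013-0871."""
    version, suffix = parse_release(release)
    # Assumption: a suffix starting with "-<digit>" is a distribution package
    # release (e.g. "-358.0.1.el6"). Vendors backport fixes without bumping the
    # upstream number, so the table above cannot decide; check the package
    # version against the vendor entries in the bulletin instead.
    if re.match(r"-\d", suffix):
        return "unknown"
    # Try the longest branch key first: 2.6.32.y before x.y.
    for width in (3, 2):
        fixed = FIXED_UPSTREAM.get(version[:width])
        if fixed is not None:
            return "fixed" if version >= fixed else "vulnerable"
    # Branch not listed on this page: make no claim either way.
    return "unknown"


if __name__ == "__main__":
    running = platform.release()
    print("%s: %s" % (running, assess(running)))
```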
