
Vulnerability found in the ptrace subsystem of the Linux kernel

A vulnerability, CVE-2014-4699, has been discovered in the implementation of the ptrace system call. It allows privilege escalation on the system or a kernel panic. The vulnerability manifests only on the x86_64 architecture, and only with some models of Intel processors. The problem has been present since kernel 2.6.17, but the exploitation technique may differ between releases. A working exploit prototype has been published for checking whether a system is vulnerable. Attention: test only in virtual machines))))

The problem is caused by a missing validity check of the RIP register in the ptrace API, which under certain circumstances can lead to an incorrect return address being restored when the 'sysret' instruction is used. The vulnerability is already fixed in Linux kernel releases 3.15.4, 3.14.11, 3.4.97 and 3.10.47. Debian, Ubuntu and Arch Linux are among the distributions that have released an update. For other distributions there is no data.
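For triaging a fleet without running the exploit, the following added example (not part of the original post) classifies a host from its `uname -r`, `uname -m` and CPU vendor string, using only the conditions and version numbers given above. The function names and sample hosts are constructed for illustration, and treating branches newer than 3.15 as fixed is an assumption.

```python
import re

# Values taken from the post above.
FIRST_AFFECTED = (2, 6, 17)
FIXED_IN_BRANCH = {(3, 4): 97, (3, 10): 47, (3, 14): 11, (3, 15): 4}
NEWEST_LISTED_BRANCH = max(FIXED_IN_BRANCH)


def parse_release(release):
    """Return the leading numeric part of a `uname -r` string as a 3-tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(release, machine, cpu_vendor):
    """Classify a host as 'not-affected', 'fixed', 'vulnerable' or 'unknown'."""
    # Post: only x86_64 with (some) Intel processors is affected.
    if machine != "x86_64" or cpu_vendor != "GenuineIntel":
        return "not-affected"
    version = parse_release(release)
    if version < FIRST_AFFECTED:
        return "not-affected"      # post: present since 2.6.17
    branch = version[:2]
    if branch in FIXED_IN_BRANCH:
        # Judged by upstream number only; a distribution kernel may carry
        # a backported fix, so confirm against the vendor advisory.
        patched = version[2] >= FIXED_IN_BRANCH[branch]
        return "fixed" if patched else "vulnerable"
    if branch > NEWEST_LISTED_BRANCH:
        return "fixed"             # assumption: later branches include the fix
    return "unknown"               # branch not listed in the post


# Constructed sample inventory: (uname -r, uname -m, vendor_id from /proc/cpuinfo)
SAMPLE_HOSTS = [
    ("3.15.3-1-ARCH", "x86_64", "GenuineIntel"),
    ("3.14.11", "x86_64", "GenuineIntel"),
    ("3.13.0-24-generic", "x86_64", "GenuineIntel"),
    ("3.4.96", "x86_64", "AuthenticAMD"),
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"{host[0]:<22} {host[1]:<8} {host[2]:<13} {triage(*host)}")
```

Hosts reported as `unknown` run a branch the post gives no fixed release for and need the distribution's own advisory.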


Source: https://habr.com/ru/post/229303/

