Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - CVE-2013-2094: Linux privilege escalation InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

CVE-2013-2094: Linux privilege escalation

Published: 2013-05-14
Last Updated: 2013-05-14 22:44:10 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32.

Impact is local privilege escalation, and exploit code is readily available.

More information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094

Hat tip: James for sending us some pointers to this.

--
Swa Frantzen -- Section 66

Keywords: kernel linux
0 comment(s)
Diary Archives