Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: CVE-2013-2094: Linux privilege escalation - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CVE-2013-2094: Linux privilege escalation

A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32.

Impact is local privilege escalation, and exploit code is readily available.

More information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094

Hat tip: James for sending us some pointers to this.

--
Swa Frantzen -- Section 66

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!