Skip to end of metadata
Go to start of metadata
Linux Local Privilege Escalation
Details of a critical Linux local privilege escalation vulnerability were reported on May 14, 2013.
This zero-day vulnerability appears to affect multiple flavors of Linux (RedHat/CentOS, Ubuntu, Debian, and others) and exploit code has already been publicly released and confirmed. This vulnerability requires a local shell account and allows attackers to quickly escalate their privileges to root access.
Fixes for RHEL 6 and Ubuntu 12.04 have been released, please see the links below.
Linux kernel versions 2.6.32 - 3.8.8 appear to be affected.
It has been stated that though 32-bit kernels are not exploitable using the current proof of concept code, they are still vulnerable.
Please note that SELinux features *DO NOT* mitigate this vulnerability.
Distribution details and patches:
A temporary patched kernel from Centos:
The command: sysctl kernel.perf_event_paranoid=2
can be used for temporary mitigation of the currently published exploit, but see below:
> Can you confirm that : > sysctl kernel.perf_event_paranoid=2 > > is a good enough solution for our users in short term ?
Our testing shows that this is not sufficient to avoid the issue in general, but it is currently sufficient mitigation against the publicly available (unmodified) exploits. Best regards, -- Petr Matousek / Red Hat Security Response Team
CVE-2013-2094 has been assigned for this vulnerability:
Please see the following thread for detailed information:
What you should do:
Verify if your particular workstation or server OS versions are vulnerable to this attack
Monitor the NIST page and vendor sites for forthcoming patches
If possible, take the opportunity to audit your users and delete any temporary, unused or defunct accounts.
Make sure that your systems are sending their logs to our central syslog server (https://commons.lbl.gov/x/aol1B)
Contact email@example.com if you notice any unusual behavior on your systems