Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301) SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)

Several of our readers sent us a heads up about a Linux kernel vulnerability which was previously patched, but has
leaked back into the kernel.
The vulnerability exists in the 32-bit compatibility mode of the kernel and upon execution can result in a local root
compromise.

The Heise security team reportedly obtained a root shell on 64-bit Ubuntu 10.04 using this exploit.

The current workaround involves temporarily disabling the execution of 32-bit applications (See Full-Disclosure and the Redhat article below for details)

Reportedly all current Linux kernels are affected (patch is in the works) as well as backported kernels from vendors like Redhat.

References:
@benhawkes (Deserves the credit for discovering this re-emergence. Not linking as exploit code is provided)
http://xorl.wordpress.com/2009/08/07/cve-2007-4573-linux-kernel-ia32-system-call-emulation-vulnerability/
https://bugzilla.redhat.com/show_bug.cgi?id=634457
https://access.redhat.com/kb/docs/DOC-40265
http://www.heise.de/newsticker/meldung/Luecke-im-Linux-Kernel-ermoeglicht-Root-Rechte-1081195.html (German)
Full-Disclosure

Thanks to Jens Hektor and Dave for bringing this to our attention.

Robert
ISC Handler on Duty

Robert

49 Posts
Credits should go to the people from CERN who reported that to the colleagues of our HPC system.

And: I guess CVE-2010-3301 is a typo should read CVE-2010-3081
Anonymous

Sign Up for Free or Log In to start participating in the conversation!