giovedì 15 maggio 2014

CVE-2014-0196: Linux kernel pty layer race

Two days ago a temible exploit was released for local privilage escalation in the linux kernel. The bug was found on the 29th of April: memory corruption via a race in pty write handling , affected kernels are 2.6.31 -> 3.14rcX

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

There is an exploit available for local privilage escalation, written by Matthew Daley and can be found here . There was also an attempt before for local DOS thru the same bug, that can be found here.

Just waiting for a kernel release :)

For more information :