Privilege escalation Linux – CVE-2013-2094


Warning: Illegal string offset 'filter' in /home/crypton1/public_html/mobilesecuritythreat.com/wp-includes/taxonomy.php on line 1409

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32.

Impact :   local privilege escalation, and exploit code is readily available.

Ref : https://isc.sans.edu/diary/CVE-2013-2094+Linux+privilege+escalation/15803

Ref : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094

 

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>