Kernel vulnerabilities have over the time challenged sysadmins either in finding quick and viable solutions to issues affecting their business, or, for the not so strong ones, even career reconsideration.
However, for the veteran sysadmins out there, brace yourselves, a new challenge has arrived, in its code name (CVE-2014-3153).
It seems that teenage mutant pink pony “ethical hacker” Pinkie Pie (yeah you got that right) recently discovered a critical flaw in Linux kernel versions 126.96.36.199/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 that resides in the futex subsystem call, leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges. Yeehaw….
Warnings about this vulnerability have been issued by Debian on Thursday, 5th of June, stating:
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall,” reads the advisory. “An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
An Ubuntu contributor and also Google Chrome OS security researcher by the name of Kees Cook stated that this flaw, revealed by Pinkie Pie should be an urgent fix.
Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” Cook wrote Thursday on Seclists.org. “This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive).
Leaving aside his cute and innocent nickname, Pinkie Pie truly deserves his ethical hacker title, his skills scooped him at least $100,000 for bypassing the security features of Google Chrome at every Pwnium and Pwn2Own competition since the year 2012.