
[kubuntu] Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8



Stonecold1995
March 1st, 2013, 03:18 PM
http://www.phoronix.com/scan.php?page=news_item&px=MTMxMTg

What are the implications of this? Are all kernels, until 3.9 comes out (and I know Ubuntu/Kubuntu won't adopt the 3.9 kernel for quite a while) completely insecure? Or what versions of the other kernels have patches out that fix them?

sanderj
March 1st, 2013, 05:41 PM
The article says:

"The issue will be addressed in the Linux 3.9 kernel and should make it back to the latest stable point releases of the affected Linux kernel series."

So I expect Canonical will apply the patch against supported kernels, and you will get the patched kernel via the usual Ubuntu update/upgrade process.

My kernel on 12.10 is now "Linux R540 3.5.0-21-generic #32-Ubuntu SMP Tue Dec 11 18:51:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux"

So: dated 11 December 2012, thus not yet patched (as the patch is newer than that) ... let's see if this kernel is upgraded in the coming days.

bodhi.zazen
March 1st, 2013, 06:30 PM
A fix has already been released.

http://www.ubuntu.com/usn/usn-1750-1/

http://www.ubuntu.com/usn/usn-1751-1/

http://www.ubuntu.com/usn/usn-1749-1/

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1763.html

Linux is not Windows and in general patches are released much faster.

You may wish to bookmark this page - http://www.ubuntu.com/usn

In the future, it is worth searching that page for security bugs and fixes ;)

Stonecold1995
March 2nd, 2013, 02:04 AM
So if I'm using http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6.3-quantal/, how do I upgrade to an invulnerable (is that the right word?) kernel version?

Or if I have to go back to using an older kernel, how do I get it to roll out to me automatically? For some reason the PPA seems disabled because I haven't been receiving ANY kernel updates (which is why I have to do it manually now).

regency
March 2nd, 2013, 05:01 PM
An error in the handling of special netlink messages in the Linux kernel can allow a user to surreptitiously gain root privileges.

For the full article, please click on the following link: http://www.h-online.com/security/news/item/Vulnerability-in-recent-Linux-kernels-offers-root-rights-1810597.html

My question: has a patch been issued for Ubuntu 12.04 LTS and 12.10 to fix the above vulnerability?

prodigy_
March 2nd, 2013, 05:04 PM
12.04 uses kernel v3.2 by default.

kostkon
March 2nd, 2013, 07:09 PM
My question: has a patch been issued for Ubuntu 12.04 LTS and 12.10 to fix the above vulnerability?
Yes (http://www.ubuntu.com/usn/usn-1750-1/).

cariboo
March 3rd, 2013, 01:49 AM
A good place to check if an exploit/bug has been fixed is Ubuntu Security Notices (http://www.ubuntu.com/usn)

cariboo
March 3rd, 2013, 02:52 AM
You should be able to use any of the Raring kernels listed on the same page. In the Raring sub-forum we have posters that try every new mainline kernel as it's released, no matter what released Ubuntu version they are using.

cariboo
March 3rd, 2013, 02:57 AM
Merged two similar threads, after posting in both of them. :)

samiux
March 3rd, 2013, 02:00 PM
After the publishing of the vulnerability, I did some study on this and found something that you may be interested in (http://samiux.blogspot.com/2013/03/exploit-cve-2013-1763-linux-kernel.html).

The affected Linux kernel is from 3.0.8 to 3.7.9, which includes Ubuntu 12.04 LTS and 12.10 as well as 13.04, which is under development at the moment. Fortunately, it is fixed in version 3.5.0-25.39. However, keep in mind that the PPA versions may not be fixed yet.

Samiux

prodigy_
March 3rd, 2013, 02:35 PM
The affected Linux kernel is from 3.0.8
I suppose you specifically mean kernel distributed with Ubuntu. Because the commit that caused this vulnerability wasn't merged into the vanilla Linux kernel until 3.3 (http://seclists.org/oss-sec/2013/q1/437).

samiux
March 3rd, 2013, 06:27 PM
I suppose you specifically mean kernel distributed with Ubuntu. Because the commit that caused this vulnerability wasn't merged into the vanilla Linux kernel until 3.3 (http://seclists.org/oss-sec/2013/q1/437).

Though it's a bit disappointing that Canonical security team is apparently not up to the task of checking what they backport.

I don't think this statement is correct. Please refer to the "Reference" at my blog; it mentions the kernel range that is affected.

Edit :

I later learnt that kernel versions 2.6.x are also affected.

Samiux

Stonecold1995
March 4th, 2013, 04:45 AM
Fortunately, it is fixed in version 3.5.0-25.39. However, keep in mind that the PPA versions may not be fixed yet.
Hm... The most recent in the PPA for me is 3.5.0-21-generic. Where can I find a PPA with a more up-to-date kernel version? Because *buntu seems to be lagging behind in everything...

cariboo
March 4th, 2013, 06:14 AM
This isn't a PPA, but you can get the latest kernels here (http://kernel.ubuntu.com/~kernel-ppa/mainline/). Unfortunately there are no automagic updates from there, and you have to manually install the files yourself.

samiux
March 4th, 2013, 08:14 AM
Hm... The most recent in the PPA for me is 3.5.0-21-generic. Where can I find a PPA with a more up-to-date kernel version? Because *buntu seems to be lagging behind in everything...

I think 3.5.0-21 is not from PPA.

To upgrade to the latest kernel in your distribution, you can run:


sudo apt-get update
sudo apt-get dist-upgrade

Samiux
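The version comparison discussed in this thread, as an added example that is not part of any poster's message: it rebuilds the Ubuntu package version from `uname -r` and `uname -v` (as in the `3.5.0-21-generic #32-Ubuntu` string quoted earlier) and compares it with the fixed version 3.5.0-25.39 named above. The function name `kernel_status`, its output words, and the assumption that non-Ubuntu builds lack `#N-Ubuntu` in `uname -v` are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. The threshold 3.5.0-25.39 is the fixed
# version quoted in the thread; it applies to Ubuntu's 3.5.0 series only.
FIXED_ABI=25
FIXED_UPLOAD=39

# kernel_status RELEASE VERSION -> prints unpatched | patched | unknown
#   RELEASE is `uname -r`  (e.g. 3.5.0-21-generic)
#   VERSION is `uname -v`  (e.g. "#32-Ubuntu SMP Tue Dec 11 ...")
kernel_status() {
    release=$1
    version=$2
    # Only Ubuntu-built 3.5.0 kernels can be judged against this threshold.
    # Assumption: mainline or self-built kernels do not show "#N-Ubuntu".
    case $release in 3.5.0-*) ;; *) echo unknown; return 0 ;; esac
    case $version in '#'[0-9]*-Ubuntu*) ;; *) echo unknown; return 0 ;; esac

    abi=${release#3.5.0-}; abi=${abi%%-*}            # "21" from 3.5.0-21-generic
    upload=${version#\#}; upload=${upload%%[!0-9]*}  # "32" from #32-Ubuntu
    case $abi in ''|*[!0-9]*) echo unknown; return 0 ;; esac

    # Package version is 3.5.0-ABI.UPLOAD; compare field by field.
    if [ "$abi" -lt "$FIXED_ABI" ]; then
        echo unpatched
    elif [ "$abi" -eq "$FIXED_ABI" ] && [ "$upload" -lt "$FIXED_UPLOAD" ]; then
        echo unpatched
    else
        echo patched
    fi
}

# Report for the machine this runs on.
echo "running kernel: $(kernel_status "$(uname -r)" "$(uname -v)")"
```

The check reads the running kernel, so it only changes after rebooting into the upgraded one. An `unknown` result means the threshold from this thread does not apply and the kernel has to be checked against its own vendor's advisory.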

Stonecold1995
March 11th, 2013, 07:21 AM
Is 3.5.0-27-generic affected?

samiux
March 11th, 2013, 01:46 PM
Is 3.5.0-27-generic affected?

Where did you get this kernel?

As far as I know, the latest kernel for Ubuntu 12.04 LTS and 12.10 is 3.5.0-25, which has fixed the problem.

Samiux

Stonecold1995
March 13th, 2013, 01:18 AM
Where did you get this kernel?

As far as I know, the latest kernel for Ubuntu 12.04 LTS and 12.10 is 3.5.0-25, which has fixed the problem.

Samiux

deb http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main
deb-src http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main

For some reason, it doesn't always seem to give me automatic updates, so I have to do apt-get update and then type "sudo apt-get install linux-linux-headers-3.5.0-2" and then press tab twice so I get a list of packages that match that, and install any newer version there is.

Stonecold1995
March 13th, 2013, 01:24 AM
Does anyone know if there's non-PoC exploit source code anywhere (aside from on the deep web)? The PoC I found only worked on a few Fedora kernels, and didn't do much. Is there a version that works on most/all Linux distros with the vulnerable kernels? I don't want to find it for malicious purposes, but because I want to test it on a few machines I have that run Linux (like my Kindle) to see if they're vulnerable.

If I'm not allowed to ask this then I apologise, please delete my post.

samiux
March 13th, 2013, 04:08 AM
Does anyone know if there's non-PoC exploit source code anywhere (aside from on the deep web)? The PoC I found only worked on a few Fedora kernels, and didn't do much. Is there a version that works on most/all Linux distros with the vulnerable kernels? I don't want to find it for malicious purposes, but because I want to test it on a few machines I have that run Linux (like my Kindle) to see if they're vulnerable.

If I'm not allowed to ask this then I apologise, please delete my post.

The available PoC (Proof of Concept) exploit code is for Fedora and Ubuntu as well as Arch only. It is available for ethical and malicious hackers. Please read my blog here (http://samiux.blogspot.com/2013/03/exploit-cve-2013-1763-linux-kernel.html) for the details. If you want to have PoC exploit code for other distributions, you need to develop one for the purpose.

The following is quoted from my blog :


The affected Linux kernel is from 3.0.8 to 3.7.9. The most common Linux distributions such as Fedora and Ubuntu are affected. Fedora 16 to 18 with the kernel before 3.7.9-205.fc18 are affected. Ubuntu 12.04 LTS to 12.10 (including the 13.04 which is under development at this writing) with the kernel before 3.5.0-25.39 are affected.

For Ubuntu (with kernel version 3.x), you need to change the source code for each version of the kernel. However, for Fedora, it works on the 3.x kernel between Fedora 16 and 18 and before kernel version 3.7.9-205.fc18.

It is harder for those who do not have InfoSec knowledge and want to exploit Ubuntu.

In my opinion, if we cannot discuss the vulnerabilities here, the sub-forum "Security Discussion" should be closed for all. "Coin has two sides."

Samiux

samiux
March 13th, 2013, 04:13 AM
deb http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main
deb-src http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main

For some reason, it doesn't always seem to give me automatic updates, so I have to do apt-get update and then type "sudo apt-get install linux-linux-headers-3.5.0-2" and then press tab twice so I get a list of packages that match that, and install any newer version there is.

Go back to the official kernel, or check the kernel with the PoC exploit code yourself to confirm.

Samiux