Kernel Exploit: CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access

There is a new kernel exploit affecting a variety of linux distributions. This is a privilege escalation exploit.

“The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.”

You can read about it here:

http://www.webhostingtalk.com/showthread.php?t=1266042

https://access.redhat.com/security/cve/CVE-2013-2094

https://bugzilla.redhat.com/show_bug.cgi?id=962792

https://news.ycombinator.com/item?id=5703758

http://www.reddit.com/r/netsec/comments/1eb9iw/sdfucksheeporgs_semtexc_local_linux_root_exploit/c9ykrck

From the exploit:

/*
 * linux 2.6.37-3.x.x x86_64, ~100 LOC
 * gcc-4.6 -O2 semtex.c && ./a.out
 * 2010 sd@fucksheep.org, salut!
 *
 * update may 2013:
 * seems like centos 2.6.32 backported the perf bug, lol.
 * jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist.
 */

There is a temporary work around:

https://bugzilla.redhat.com/show_bug.cgi?id=962792#c13

There are some temporary rpms located here:

http://people.centos.org/hughesjr/c6kernel/2.6.32-358.6.1.el6.cve20132094/x86_64/

Server management customers of Rack911 are being proactively monitored and patched for this vulnerability.