Vulnerability CVE-2012-0056 is a nasty one if you’re running a Linux kernel release 2.6.39 through 3.2.1.
The exploit is a privilege escalation attack, meaning that the attacker first has to get a foothold on your system. But once the attacker has an unprivileged process running on your system, its privileges can be elevated to root. Game over.
As usual, the exploit is not a trivial thing to understand. It is based on insufficient access control on /proc/PID/mem. The attack must open a file descriptor to the memory map of a setuid process, lseek to the correct location in memory, and then write shell code into place. There’s more to it than that; a nicely detailed full description is here. This isn’t just a theoretical attack: working exploit code is available.
Linux is the most commonly used operating system in the IaaS cloud environment where system maintenance and patching are your responsibility. This confronts you with two big questions:
1) Does my cloud server need a patch?
2) If so, how hard is it to apply the patch?
Here’s the good news for AWS EC2 if you use it wisely: running the most recent Amazon-owned AMI of Amazon Linux without “beta” in its name, you get a kernel already patched against this exploit. That’s good news for right now, but new vulnerabilities are discovered all the time. What if we had a vulnerable kernel?
Further good news, at least for the Amazon Linux images, is that it’s as easy as doing the following as soon as Amazon updates their RPM repository:
# yum upgrade
# reboot
Read the output carefully and make a note of what is being upgraded.
Patching this vulnerability means a kernel update, so a reboot will be needed for this type of update. An update to a shared library or a server binary might need no more than a restart of the affected services.
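To answer the first question above (“does my server need a patch?”) before typing yum upgrade, here is a small POSIX shell check added to this post; it is not code from the original article or from Amazon. It compares the running kernel’s release number against the 2.6.39 through 3.2.1 range named at the top of the post, and on an RPM system it uses rpm’s query format to spot a kernel that has been installed but not yet booted. It assumes an Amazon Linux-style kernel package named kernel and GNU sort -V.

```shell
#!/bin/sh
# Added example, not code from the original post: is the running kernel in the
# range the post names for CVE-2012-0056 (2.6.39 through 3.2.1)?  Only the
# upstream release number is compared, so a vendor kernel that backported the
# fix is still flagged; treat "in the affected range" as a prompt to read the
# distribution advisory, not as proof of exposure.

# ver_num "3.2.1-1.amzn1.x86_64" -> 3002001  (major*1000000 + minor*1000 + patch)
ver_num() {
    _v=${1%%-*}                      # drop the distro suffix after the first '-'
    _major=${_v%%.*}; _rest=${_v#*.}
    [ "$_rest" = "$_v" ] && _rest=0  # a bare "3" has no minor component
    _minor=${_rest%%.*}; _rest2=${_rest#*.}
    [ "$_rest2" = "$_rest" ] && _rest2=0
    _patch=$(printf '%s' "${_rest2%%.*}" | sed 's/[^0-9].*//')  # "4rc2" -> 4
    echo $(( ${_major:-0} * 1000000 + ${_minor:-0} * 1000 + ${_patch:-0} ))
}

# kernel_in_cve_2012_0056_range VERSION -> exit 0 when 2.6.39 <= VERSION <= 3.2.1
kernel_in_cve_2012_0056_range() {
    _n=$(ver_num "$1")
    [ "$_n" -ge "$(ver_num 2.6.39)" ] && [ "$_n" -le "$(ver_num 3.2.1)" ]
}

# check_running_kernel: classify the kernel this host is booted on and, on an
# RPM system, note whether a newer kernel is installed but not yet booted
# (the "yum upgrade" happened, the "reboot" did not).
check_running_kernel() {
    _running=$(uname -r)
    if kernel_in_cve_2012_0056_range "$_running"; then
        echo "running kernel $_running is in the affected range: check your vendor advisory"
    else
        echo "running kernel $_running is outside the affected range"
    fi
    if command -v rpm >/dev/null 2>&1; then
        # Assumes the package is named "kernel", as on Amazon Linux.
        _newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel 2>/dev/null | sort -V | tail -n 1)
        if [ -n "$_newest" ] && [ "$_newest" != "$_running" ]; then
            echo "installed kernel $_newest differs from running kernel: a reboot may be pending"
        fi
    fi
}

# Usage: sh check_kernel.sh check   (without the argument the functions can be sourced)
if [ "${1:-}" = "check" ]; then check_running_kernel; fi
```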
The important thing here is that Amazon gives me something pretty good to start with, and then provides and maintains the repository of packages that I need to apply patches. Their RPM repository is within their infrastructure, so Amazon Linux yum operations run blazingly fast.
Learning Tree’s course, Linux® Administration and Support, shows you how to manage packages, patching and configuration management, while Cloud Security Essentials shows you how to extend this into the cloud.