Search

Language:  
Search for:

Available article translations:

CVE-2014-4699: Linux ptrace bug

Article ID: 122298, created on Jul 8, 2014, last review on Aug 25, 2014

APPLIES TO:
  • Virtuozzo 6.0
  • Virtuozzo containers for Linux 4.7
  • Virtuozzo hypervisor

Information

The Openwall group provided an alert about a vulnerability on July 4, 2014. You can find more information about CVE-2014-4699 at the Openwall website.

It was found that certain Linux kernel's ptrace subsystem code paths allow the tracer to set tracee's instruction pointer to non-canonical address which is later used on tracee's return to user mode via the sysret instruction, effectively bypassing the hardening introduced via the fixes for CVE-2005-1764 (introduced guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical) and CVE-2006-0744 (system call handler hardening).

Parallels confirms this critical issue which allows unprivileged local Container users to crash the host system and likely gain host system's root privileges.

Affected environment

Intel-based systems

On Intel CPUs sysret to non-canonical address causes a fault on the sysret instruction itself after the stack pointer is set to user mode value but before the CPL is changed.

Parallels Virtuozzo Containers, Parallels Server Bare Metal and Parallels Cloud Server products utilize the same kernel which is based on the Red Hat Enterprise Linux kernel.

According to notice on Red Hat Customer Portal only RHEL 6.x (2.6.32- kernels) and RHEL 7.x (3.10- kernels) kernels are affected, and 5.x kernels are not affected. Below you will find list of affected Parallels products:

  • Parallels Cloud Server 6.0 is affected as it is running on 2.6.32-based kernel.
  • Parallels Server Bare Metal 5.0 is affected as it is running on 2.6.32-based kernel.
  • Parallels Virtuozzo Containers for Linux 4.7 is affected as it is running on 2.6.32-based kernel.
  • Parallels Virtuozzo Containers for Linux 4.6 is not affected as it is running on 2.6.18-based kernel.
  • Parallels Server Bare Metal 4.0 is not affected as it is running on 2.6.18-based kernel.
  • Parallels Virtuozzo Containers for Linux 4.0 is not affected as it is running on 2.6.18-based kernel.

NOTE: Parallels Virtuozzo Containers for Linux 4.7 installed on CentOS 5.x is considered affected because it is using 2.6.32-based kernel.

AMD-based systems

Systems running on AMD CPUs are not vulnerable to this issue as sysret on AMD CPUs does not generate a fault before the CPL change.

Resolution

In order to secure your environment it is necessary to install a kernel update containing kernel version 2.6.32-042stab092.2 or newer. Parallels has released updates based on the 2.6.32-042stab092.2 kernel. More details are available in the following release notes:

To install the latest update use the following command:

  • For Parallels Cloud Server 6

    # yum update vzkernel vzkernel-firmware vzmodules vzkernel-devel
    

    NOTE: make sure parallels-cloud-server-updates repository is enabled in system

  • For Parallels Server Bare Metal 5 and Parallels Virtuozzo Containers for Linux 4.7

    # vzup2date -m batch install --core --loader-autoconfig
    

    NOTE: if server wasn't updated for a long time you're likely to encounter issue described in the following article:

    117951: vzkernel update conflicts with bfa-firmware

Please note that rebooting the hardware node is required to complete the installation and secure the environment!

Search words:

PSBM-27973

CVE-2014-4699: Linux ptrace bug




a26b38f94253cdfbf1028d72cf3a498b 2897d76d56d2010f4e3a28f864d69223 e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f 0dd5b9380c7d4884d77587f3eb0fa8ef 0c05f0c76fec3dd785e9feafce1099a9 c62e8726973f80975db0531f1ed5c6a2

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No
 
 
 
 
 
 
Server Virtualization
- Odin Cloud Server
- Odin Containers for Windows 6.0
- Odin Virtuozzo Containers
Automation
- Odin Automation
- Odin Automation for Cloud Infrastructure
- Odin Business Automation Standard
- Odin Virtual Automation
- Odin Plesk Panel Suite
- Web Presence Builder
- Odin Plesk Automation
- Odin Small Business Panel
- Value-added Services for Hosters
- Odin Partner Storefront
Services & Resources
- Cloud Acceleration Services
- Professional Services
- Support Services
- Training & Certification