CVE-2014-4699: Linux ptrace bug

APPLIES TO:
  • Parallels Cloud Server 6.0
  • Parallels Virtuozzo Containers for Linux 4.7
  • Parallels Server

Information

The Openwall group provided an alert about a vulnerability on July 4, 2014. You can find more information about CVE-2014-4699 at the Openwall website.

It was found that certain code paths in the Linux kernel's ptrace subsystem allow the tracer to set the tracee's instruction pointer to a non-canonical address, which is later used on the tracee's return to user mode via the sysret instruction. This effectively bypasses the hardening introduced by the fixes for CVE-2005-1764 (which introduced a guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical area) and CVE-2006-0744 (system call handler hardening).

Parallels confirms this critical issue, which allows unprivileged local Container users to crash the host system and likely gain root privileges on the host system.

Affected environment

Intel-based systems

On Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself, after the stack pointer is set to the user-mode value but before the CPL is changed.

Parallels Virtuozzo Containers, Parallels Server Bare Metal and Parallels Cloud Server products utilize the same kernel which is based on the Red Hat Enterprise Linux kernel.

According to the notice on the Red Hat Customer Portal, only RHEL 6.x (2.6.32- kernels) and RHEL 7.x (3.10- kernels) are affected; 5.x kernels are not affected. The affected Parallels products are listed below:

  • Parallels Cloud Server 6.0 is affected as it is running on a 2.6.32-based kernel.
  • Parallels Server Bare Metal 5.0 is affected as it is running on a 2.6.32-based kernel.
  • Parallels Virtuozzo Containers for Linux 4.7 is affected as it is running on a 2.6.32-based kernel.
  • Parallels Virtuozzo Containers for Linux 4.6 is not affected as it is running on a 2.6.18-based kernel.
  • Parallels Server Bare Metal 4.0 is not affected as it is running on a 2.6.18-based kernel.
  • Parallels Virtuozzo Containers for Linux 4.0 is not affected as it is running on a 2.6.18-based kernel.

NOTE: Parallels Virtuozzo Containers for Linux 4.7 installed on CentOS 5.x is considered affected because it uses a 2.6.32-based kernel.

AMD-based systems

Systems running on AMD CPUs are not vulnerable to this issue as sysret on AMD CPUs does not generate a fault before the CPL change.

Resolution

In order to secure your environment it is necessary to install a kernel update containing kernel version 2.6.32-042stab092.2 or newer. Parallels has released updates based on the 2.6.32-042stab092.2 kernel. More details are available in the following release notes:

To install the latest update use the following command:

  • For Parallels Cloud Server 6

    # yum update vzkernel vzkernel-firmware vzmodules vzkernel-devel
    

    NOTE: make sure the parallels-cloud-server-updates repository is enabled on the system.

  • For Parallels Server Bare Metal 5 and Parallels Virtuozzo Containers for Linux 4.7

    # vzup2date -m batch install --core --loader-autoconfig
    

    NOTE: if the server has not been updated for a long time, you are likely to encounter the issue described in the following article:

    117951: vzkernel update conflicts with bfa-firmware

Please note that rebooting the hardware node is required to complete the installation and secure the environment!
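The script below is an added example, not part of the original Parallels article. It classifies a host using the criteria stated above: the fixed kernel 2.6.32-042stab092.2, the unaffected 2.6.18 line, and the CPU vendor. It reads the running kernel, so a node that has installed the update but not yet rebooted still reports vulnerable. The function names, the verdict strings and the assumption that the release string follows the 2.6.32-042stabNNN.M pattern are choices made for this example.

```shell
#!/bin/sh
# Added example: classify a host against the criteria in this article.
# First fixed kernel per the article: 2.6.32-042stab092.2
FIXED_STAB=92
FIXED_SUB=2

# kernel_status RELEASE -> fixed | vulnerable | not-affected | unknown
kernel_status() {
    case "$1" in
        2.6.18-*) echo not-affected; return ;;  # article: 2.6.18-based kernels are not affected
    esac
    # Extract NNN and M from 2.6.32-042stabNNN.M, dropping leading zeros so
    # the numbers are never read as octal. Assumed format, see lead-in.
    set -- $(printf '%s\n' "$1" |
        sed -n 's/^2\.6\.32-042stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*/\1 \2/p')
    [ $# -eq 2 ] || { echo unknown; return; }   # not a 042stab kernel: do not guess
    if [ "$1" -gt "$FIXED_STAB" ] ||
       { [ "$1" -eq "$FIXED_STAB" ] && [ "$2" -ge "$FIXED_SUB" ]; }; then
        echo fixed
    else
        echo vulnerable
    fi
}

# cpu_vendor -> vendor_id of the first CPU (GenuineIntel, AuthenticAMD, ...)
cpu_vendor() {
    awk -F': ' '/^vendor_id/ { print $2; exit }' /proc/cpuinfo 2>/dev/null || true
}

# assess RELEASE VENDOR -> verdict combining kernel and CPU criteria.
# An unrecognised vendor on a vulnerable kernel is reported as vulnerable
# (a conservative choice made for this example).
assess() {
    verdict=$(kernel_status "$1")
    if [ "$verdict" = vulnerable ] && [ "$2" = AuthenticAMD ]; then
        verdict=not-affected   # article: AMD sysret does not fault before the CPL change
    fi
    echo "$verdict"
}

# Report on the running kernel, which only changes after a reboot.
echo "kernel=$(uname -r) cpu=$(cpu_vendor) verdict=$(assess "$(uname -r)" "$(cpu_vendor)")"
```

A verdict of unknown means the release string is outside the 2.6.32-042stab series and should be checked against the vendor's advisory by hand.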

Search words:

PSBM-27973
