Technical Details of Exploit:
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
To ensure your protection from potential CVE-2014-3153 consequences, you must download a patch and reboot your server. For more information on this, please refer to the following articles:
How To Update the Kernel in CentOS / Red Hat
How To Check the Kernel Version in Linux / Ubuntu / CentOS
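The version check implied above, as an added example that is not part of the original notice: it compares the running kernel's upstream version against the "through 3.14.5" range and, on RPM-based systems, looks for the CVE in the kernel package changelog. The function names are hypothetical, and a match on version alone is not conclusive because distribution kernels backport fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example. LAST_AFFECTED comes from the advisory text ("through 3.14.5").
LAST_AFFECTED="3.14.5"

# Print the leading dotted-numeric part of a kernel release string,
# e.g. "2.6.32-431.17.1.el6.x86_64" -> "2.6.32". Prints nothing if unparseable.
upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if dotted version $1 <= $2, comparing field by field as integers.
version_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# 0 = release is in the affected upstream range, 1 = newer, 2 = unparseable.
in_affected_range() {
    v=$(upstream_version "$1")
    [ -n "$v" ] || return 2
    version_le "$v" "$LAST_AFFECTED"
}

# Report on the kernel that is actually running; an installed but not yet
# booted kernel does not count, which is why the reboot matters.
running=$(uname -r)
if in_affected_range "$running"; then
    echo "$running: upstream version is in the affected range"
    # Vendor kernels backport fixes, so confirm against the package changelog.
    if command -v rpm >/dev/null 2>&1 &&
       rpm -q --changelog "kernel-$running" 2>/dev/null | grep -q 'CVE-2014-3153'; then
        echo "package changelog lists a CVE-2014-3153 fix"
    else
        echo "no CVE-2014-3153 changelog entry found; update and reboot"
    fi
else
    echo "$running: upstream version is newer than $LAST_AFFECTED (or unparseable)"
fi
```

Run it again after the reboot: `uname -r` should then report the updated kernel.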
It is our goal to make certain that you have all of the information and tools necessary to protect the fidelity of your services. We will continue reaching out to keep you apprised of all of the steps that can be taken to keep your operations secure, fast and efficient.
Thank You,
The XWEBHosting Security Team
Monday, July 28, 2014