Patches ready for Red Hat, Ubuntu and others affected by Linux kernel flaw

Summary: Linux admins should start patching a newly discovered flaw affecting a component of the kernel.

Patches are in the works for several Linux distributions affected by a newly discovered flaw in the Linux kernel that could let a local user crash the system or run programs as an administrator.

Admins running Ubuntu, some Red Hat systems, Debian, and other distros are advised to patch a moderately serious memory corruption flaw affecting the n_tty_write function in the Linux kernel up to 3.14.3.

According to the US-CERT writeup for the CVE-2014-0196 bug, the "n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO & !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."

In UNIX/Linux parlance, TTY, derived from Teletype, refers to the command line interface terminal.

A discussion about the bug by a Novell Suse security engineer notes the race condition occurs in a feature introduced in 2009 that changed how "pty" — a pseudo tty — handled write buffering.

"When two processes/threads write to the same pty, the buffer end could be overwritten and so memory corruption into adjacent buffers could lead to crashes / code execution," the Suse security engineer wrote. 

As noted by Ars Technica, although only a local user can exploit the bug, that condition may still pose a risk for affected systems in shared server environments.
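A simplified user-space model of the check-then-copy race described above, added here as an illustration: it is not the kernel's code or the upstream fix, and the buffer size, struct and function names are assumptions made for the example. It replays one fixed interleaving of two writers, first unserialized and then with each check and copy treated as a single unit.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE   8   /* capacity of the shared write buffer (constructed) */
#define ARENA_SIZE 16  /* buffer plus the "adjacent" memory behind it */

struct pty_model {                   /* hypothetical model, not a kernel struct */
    unsigned char arena[ARENA_SIZE]; /* [0,BUF_SIZE) = buffer, rest = neighbour */
    size_t used;                     /* bytes of the buffer already filled */
};

/* Step 1 of a write: decide how much fits at the current fill level. */
static size_t reserve(const struct pty_model *m, size_t want) {
    size_t space = m->used < BUF_SIZE ? BUF_SIZE - m->used : 0;
    return want < space ? want : space;
}

/* Step 2 of a write: copy at the current fill level and advance it. */
static void commit(struct pty_model *m, unsigned char fill, size_t n) {
    memset(m->arena + m->used, fill, n);
    m->used += n;
}

/* Count bytes written beyond the end of the buffer. */
static size_t overflow_bytes(const struct pty_model *m) {
    size_t n = 0;
    for (size_t i = BUF_SIZE; i < ARENA_SIZE; i++)
        if (m->arena[i] != 0) n++;
    return n;
}

/* Both writers check before either copies: writer B uses a stale size. */
size_t run_racy(size_t used0, size_t len_a, size_t len_b) {
    struct pty_model m = { {0}, used0 };
    size_t a = reserve(&m, len_a);
    size_t b = reserve(&m, len_b);
    commit(&m, 'A', a);
    commit(&m, 'B', b);
    return overflow_bytes(&m);
}

/* Each check+copy pair runs as one serialized unit (as under a lock). */
size_t run_serialized(size_t used0, size_t len_a, size_t len_b) {
    struct pty_model m = { {0}, used0 };
    commit(&m, 'A', reserve(&m, len_a));
    commit(&m, 'B', reserve(&m, len_b));
    return overflow_bytes(&m);
}

int main(void) {
    printf("racy: %zu bytes past end, serialized: %zu\n",
           run_racy(2, 6, 6), run_serialized(2, 6, 6));
    return 0;
}
```

In the model, the overflow only appears when the two writes together exceed the remaining space, which matches the advisory's mention of long strings.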

Red Hat is working on corrected kernel packages for Red Hat Enterprise Linux (RHEL) 6 and Red Hat Enterprise MRG 2 but has said that RHEL 5 is not affected. Debian has details about its available fixes here, while Ubuntu has released details about its patches here.

Topics: Security


Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...
