CVE-2014-3153 is an exploit that may allow an attacker to load DoS or execute privilege escalation attacks through several vectors. Currently no exploit code has been made public for this issue and patched kernels have been released. Our commitment to communicating with our customers and preserving the security of their services dictated that we notify you and send patch information while assisting in any way possible.

Technical Details of Exploit:
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

To ensure your protection from potential CVE-2014-3153 consequences, you must download a patch and reboot your server. For more information on this, please refer to the following articles:

How To Update the Kernel in CentOS / Red Hat
How To Check the Kernel Version in Linux / Ubuntu / CentOS

It is our goal to make certain that you have all of the information and tools necessary to protect the fidelity of your services. We will continue reaching out to keep you apprised of all of the steps that can be taken to keep your operations secure, fast and efficient.

Thank You,

The XWEBHosting Security Team

Monday, July 28, 2014





« Back