There is a flaw in the Linux kernel that could let a local user crash or run programs as an administrator.
Administrators running Ubuntu, some Red Hat systems, Debian, among others are moving to patch a moderately serious memory corruption flaw affecting the n_tty_write function in the Linux kernel up to 3.14.3.
The “n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the “LECHO & !OPOST” case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings,” according to the US CERT release for CVE-2014-0196.
In UNIX/Linux parlance, TTY, derived from Teletype, refers to the command line interface terminal.
The race condition occurs in a feature introduced in 2009 that changed how “pty” — a pseudo tty — handled write buffering, one security researcher said.
“When two processes/threads write to the same pty, the buffer end could be overwritten and so memory corruption into adjacent buffers could lead to crashes / code execution,” the researcher said.
Only a local user can exploit the bug, however, the condition still may pose a risk for affected systems in shared server environments.
Red Hat is working on corrected kernel packages for Red Hat Enterprise Linux (RHEL) 6 and Red Hat Enterprise MRG 2 but has said that RHEL 5 is not affected. Debian has its available fixes and Ubuntu released details about its patches.