September 18, 2010

Amazon Linux AMI Security Advisory: ALAS-2010-1
Advisory Release Date: September 17, 2010
References: CVE-2010-3081, CVE-2010-3301
Severity: Important

Issue Overview:
A bug in the Linux kernel's 32-bit system call support allows unprivileged processes to escalate to root privileges on 64-bit kernels.

Affected Versions:
Amazon Linux AMI v0.9.7-beta 64-bit AMIs

AMI IDs:

US East (N. Virginia)
Amazon EBS-Backed (64-bit): ami-0af30663
Amazon S3-Backed (64-bit): ami-d8f005b1

US West (N. California)
Amazon EBS-Backed (64-bit): ami-8ce4b5c9
Amazon S3-Backed (64-bit): ami-f2e4b5b7

EU West (Ireland)
Amazon EBS-Backed (64-bit): ami-5092b824
Amazon S3-Backed (64-bit): ami-8a9db7fe

AP Southeast (Singapore)
Amazon EBS-Backed (64-bit): ami-de26588c
Amazon S3-Backed (64-bit): ami-d2265880

Running instances of these AMIs can be identified by viewing the /etc/image-id file, which will include the line:
image_version="0.9.7-beta"

Issue Correction:

The issue is corrected in Amazon Linux AMI v0.9.8-beta 64-bit and later.

On affected systems the problem can be corrected either by upgrading packages on running instances, or by terminating the affected instances and relaunching them from updated AMIs.
Package versions to upgrade to that correct the issue:

kernel-2.6.34.6-54.24.amzn1.x86_64.rpm

After installing the kernel package it is necessary to edit /boot/grub/grub.conf so that the updated kernel is the default boot kernel.

After upgrading a running instance it is necessary to reboot so that the instance runs the new kernel; the issue is not corrected until the new kernel is running.
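The identification step above (the image_version line in /etc/image-id) and the three-step correction (install the kernel package, point grub.conf's default entry at the new kernel, reboot) can be scripted. The following shell example is added here and is not part of the advisory or of Amazon's tooling; it checks a host against the image version and kernel package the advisory names, and rewrites the default= line of a grub.conf so the fixed kernel boots next. All input files are constructed samples written to a temporary directory (the older 54.21 kernel version and the stanza layout are made up for the demonstration); on a real instance the same functions would be given /etc/image-id, /boot/grub/grub.conf and the output of `uname -r`.

```shell
#!/bin/sh
# Added example, not part of ALAS-2010-1: check a host against the image
# version and kernel package named in the advisory, and make the fixed
# kernel grub's default entry.  Sample files below are constructed.

AFFECTED_IMAGE="0.9.7-beta"                  # image_version from the advisory
FIXED_KERNEL="2.6.34.6-54.24.amzn1.x86_64"   # kernel package from the advisory

# image_is_affected FILE: succeed if FILE carries the affected image_version line
image_is_affected() {
    ver=$(sed -n 's/^image_version="\(.*\)"$/\1/p' "$1")
    [ "$ver" = "$AFFECTED_IMAGE" ]
}

# version_ge A B: succeed if kernel version string A is >= B, comparing each
# run of digits numerically (2.6.34.6-54.24.amzn1.x86_64 -> 2 6 34 6 54 24 1 86 64)
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9][^0-9]*/ /g')
    b=$(printf '%s' "$2" | sed 's/[^0-9][^0-9]*/ /g')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# kernel_is_fixed RUNNING: succeed if RUNNING (e.g. `uname -r`) is at least
# the advisory's fixed package version
kernel_is_fixed() {
    version_ge "$1" "$FIXED_KERNEL"
}

# grub_default_index GRUBCONF KERNELVER: print the 0-based index of the first
# "title" stanza whose kernel line names KERNELVER (grub's default= counts
# stanzas from 0); fail if no stanza boots that kernel
grub_default_index() {
    awk -v k="$2" '
        /^title/ { idx++ }
        /^[ \t]*kernel / && index($0, k) { print idx - 1; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# set_grub_default GRUBCONF KERNELVER: rewrite the default= line so that the
# stanza booting KERNELVER is used on the next reboot
set_grub_default() {
    n=$(grub_default_index "$1" "$2") || return 1
    sed "s/^default=.*/default=$n/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# --- constructed sample inputs (not real instance files) ---
make_sample_image_id() {
    printf 'image_version="%s"\n' "$AFFECTED_IMAGE" > "$1"
}

# Two stanzas: a constructed older kernel (54.21 is made up) first and the
# advisory's fixed kernel second, so default=0 still boots the old kernel
# after the rpm is installed, which is exactly what the advisory warns about.
make_sample_grub() {
    cat > "$1" <<'EOF'
default=0
timeout=1
title Amazon Linux (2.6.34.6-54.21.amzn1.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.34.6-54.21.amzn1.x86_64 root=LABEL=/ console=hvc0
        initrd /boot/initrd-2.6.34.6-54.21.amzn1.x86_64.img
title Amazon Linux (2.6.34.6-54.24.amzn1.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.34.6-54.24.amzn1.x86_64 root=LABEL=/ console=hvc0
        initrd /boot/initrd-2.6.34.6-54.24.amzn1.x86_64.img
EOF
}

demo() {
    tmp=$(mktemp -d)
    make_sample_image_id "$tmp/image-id"
    make_sample_grub "$tmp/grub.conf"
    if image_is_affected "$tmp/image-id"; then
        echo "image_version $AFFECTED_IMAGE found: instance is in scope for ALAS-2010-1"
    fi
    running="2.6.34.6-54.21.amzn1.x86_64"    # stand-in for `uname -r`
    if kernel_is_fixed "$running"; then
        echo "running kernel $running is fixed"
    else
        echo "running kernel $running predates $FIXED_KERNEL: install rpm, fix grub, reboot"
    fi
    set_grub_default "$tmp/grub.conf" "$FIXED_KERNEL"
    grep '^default=' "$tmp/grub.conf"      # prints default=1
    rm -rf "$tmp"
}
demo
```

The kernel check compares the running kernel (`uname -r`) rather than the installed rpm on purpose: the advisory's last step is the reboot, and a host with the fixed package installed but the old kernel still running remains vulnerable, which is the state the grub.conf sample reproduces.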

AMI IDs which contain updated packages that correct the issue:

US East (N. Virginia)
Amazon EBS-Backed (64-bit): ami-38c33651
Amazon S3-Backed (64-bit): ami-8cc035e5

US West (N. California)
Amazon EBS-Backed (64-bit): ami-aaebbaef
Amazon S3-Backed (64-bit): ami-acebbae9

EU West (Ireland)
Amazon EBS-Backed (64-bit): ami-807540f4
Amazon S3-Backed (64-bit): ami-927540e6

AP Southeast (Singapore)
Amazon EBS-Backed (64-bit): ami-d8225c8a
Amazon S3-Backed (64-bit): ami-d0225c82

Acknowledgement:
These vulnerabilities were first reported by Ben Hawkes.