CERT mailing list archives
Current Activity - Linux Root Access Vulnerabilities
From: Current Activity <us-cert () us-cert gov>
Date: Mon, 25 Oct 2010 12:03:45 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Linux Root Access Vulnerabilities Original release date: October 25, 2010 at 10:31 am Last revised: October 25, 2010 at 10:31 am US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges. The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in Linux kernel versions 2.6.30 through 2.6.36-rc8. By sending a specially crafted socket function call, an attacker may be able to write arbitrary values into kernel memory and escalate privileges to root. This vulnerability affects Linux installations where the CONFIG_RDS kernel configuration option is set and where there are no restrictions preventing unprivileged users from loading packet family modules. Reports indicate that this may be the default configuration and that a patch for this vulnerability has been committed to the Linux kernel. Users should apply any updates for their Linux distributions to help mitigate the risks. Additionally, reports indicate that preventing the RDS kernel module from loading is an effective workaround. This can be performed by executing the following command as root: * echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds The second vulnerability is due to a flaw in the library loader of the GNU C library. Exploitation of this vulnerability may allow an attacker to gain root privileges. Reports indicate that patches have not yet been released to address this issue. US-CERT will provide additional information as it becomes available. ==== This entry is available at http://www.us-cert.gov/current/index.html#linux_root_access_vulnerabilities -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTMWqRT6pPKYJORa3AQKmjgf+NoghT77JMj+U5AmBYy6Hy8bd51NNVr6u tVnIwCD3VgAgC2IIUpObKLGYLQZe2x1J27bz9pcOHUhxQhRDv8vbrISp+MufZgBE UN9aMDWvNYWkCL16fbHa9A0UhVhIav6APR90MREXLwzsZyLgsMXCsCJ3DPJnB4jh 4ZGok3mkMA+CaWrgcX3Rypz4NXTYHrw+vDgECRzqSgklrmmh2U2VKtB/Cmu5dskV lXbkD3grrK2jDa7pht944YJo8T3BzJdy/3n48XRBAU+Qy5H03GpGkIKl3kjmXhmO XcgWvC9TtHleploWjH7u0PwamcCHuc737VQBmLDRCGamVGdSZjYuLg== =PQ7V -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Linux Root Access Vulnerabilities Current Activity (Oct 25)