Forgot your password?
typodupeerror
Security Linux

RDS Protocol Bug Creates a Linux Kernel Hole, Now Fixed 89

Trailrunner7 writes "The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included." The article goes on to say, though, that "Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions," and that Linus Torvalds has committed a fix.
This discussion has been archived. No new comments can be posted.

RDS Protocol Bug Creates a Linux Kernel Hole, Now Fixed

Comments Filter:
  • by jgrahn ( 181062 ) on Thursday October 21, 2010 @02:34PM (#33977314)
    And they should say who actually has this code /installed/. RDS surely falls in the same category as SCTP -- might be useful in the lab at CERN, but not on any normal server, and certainly not on some random Ubuntu user's desktop.
  • by CannonballHead ( 842625 ) on Thursday October 21, 2010 @02:35PM (#33977350)
    Hm. By default? I don't know, but the article mentions testing the exploit on Ubuntu 10.04 x64.
  • by Meshach ( 578918 ) on Thursday October 21, 2010 @02:40PM (#33977426)

    If you release early and you release often, you will release a big piece of sh^H^H code with a lot of bugs.

    Funny how Microsoft releases late and releases seldom and has the same problem...

  • by h4rr4r ( 612664 ) on Thursday October 21, 2010 @02:41PM (#33977434)

    Better question do any distros ship with this on by default?

    They mention 10.04, but do not say if they had to enable it first. I guess I will have to check what modules my desktop has at home to see.

  • by stagg ( 1606187 ) on Thursday October 21, 2010 @03:17PM (#33977990)
    The same article announcing the existence of the exploit announced the existence of the fix. That's pretty good support if you ask me, and it's hard to be too worried under those circumstances.
  • by tlhIngan ( 30335 ) <slashdot.worf@net> on Thursday October 21, 2010 @04:14PM (#33978902)

    They should mention in the summary this is a local privilege escalation exploit only.

    Local exploits become remote exploits througha vulnerable service or bad passwords. Just because something can only be done locally means nothing. It just means all I need to do is gain any sort of access then use the exploit. Instant root. And all I needed was just the ability to run a bit of my code. Or if I've previously gotten access in but not used it because running things as "nobody" isn't terribly useful, now with the ability to get root makes it very useful.

    It's the same sort of thing that let that jailbreakme.com thing work - Safari downloads a PDF, the PDF display code tries to display it and fails, and runs the exploit code. Exploit code runs as Safari, uses a priviledge escalation hole to get root access, then does lal the jailbreak stuff as root.

  • by miknix ( 1047580 ) on Thursday October 21, 2010 @05:38PM (#33980076) Homepage

    That's why I like and appreciate user personalization in GNU/Linux. At expense of being modded down, imagine Gentoo Linux for example. The kernel and userspace are built mostly by the user and so, there is a lot of user generated entropy in it. That is good for security since we can't really say for sure if Gentoo is vulnerable to this attack or other attack. The kernel option is there, it depends if the user enabled it or not.

  • by sjames ( 1099 ) on Thursday October 21, 2010 @11:42PM (#33982572) Homepage Journal

    And meanwhile, since practically nobody and nothing actually uses that protocol, just disabe it unless/until you apply the update.

Vital papers will demonstrate their vitality by spontaneously moving from where you left them to where you can't find them.

Working...