Fw: US-CERT Current Activity - Linux Root Access Vulnerabilities
From: "Current Activity" <us-cert@...>
Sent: Monday, October 25, 2010 12:03 PM
To: "Current Activity" <current-activity@...>
Subject: US-CERT Current Activity - Linux Root Access Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
US-CERT Current Activity
Linux Root Access Vulnerabilities
Original release date: October 25, 2010 at 10:31 am
Last revised: October 25, 2010 at 10:31 am
US-CERT is aware of public reports of multiple vulnerabilities
affecting Linux. Exploitation of these vulnerabilities may allow an
attacker to access the system with root or "superuser" privileges.
The first of these vulnerabilities is due to a flaw in the
implementation of the Reliable Datagram Sockets (RDS) protocol in
Linux kernel versions 2.6.30 through 2.6.36-rc8. By sending a
specially crafted socket function call, an attacker may be able to
write arbitrary values into kernel memory and escalate privileges to
This vulnerability affects Linux installations where the CONFIG_RDS
kernel configuration option is set and where there are no restrictions
preventing unprivileged users from loading packet family modules.
Reports indicate that this may be the default configuration and that a
patch for this vulnerability has been committed to the Linux kernel.
Users should apply any updates for their Linux distributions to help
mitigate the risks. Additionally, reports indicate that preventing the
RDS kernel module from loading is an effective workaround. This can be
performed by executing the following command as root:
* echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds
The second vulnerability is due to a flaw in the library loader of the
GNU C library. Exploitation of this vulnerability may allow an
attacker to gain root privileges. Reports indicate that patches have
not yet been released to address this issue.
US-CERT will provide additional information as it becomes available.
This entry is available athttp://www.us-cert.gov/current/index.ht ... rabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----