Linux kernel vulnerability coughs up superuser rights
Summary: The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system.
The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included.
According to VSR Security, the research outfit that discovered the security hole, Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions.
Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.
The company has released a proof-of-concept exploit to demonstrate the severity of the vulnerability. The folks at The H Security tested the exploit on Ubuntu 10.04 (64-bit) and successfully opened a root shell.
A fix for this issue has been committed by Linus Torvalds. VSR Security recommends that users install updates provided by downstream distributions or apply the committed patch and recompile their kernel.
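The exposure conditions described above (RDS present from 2.6.30, CONFIG_RDS set, no restriction on loading the module) can be checked with a short script. This is an added example, not code from VSR Security or the kernel project; the function names, the file locations, and the two modprobe directives it looks for (common ways to disable a protocol-family module, not quoted from the page) are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): checks the exposure conditions the
# article names. File locations are arguments, so copies can be audited too.

# Print builtin, module or off for the CONFIG_RDS line of a kernel config file.
rds_config_state() {
    case "$(grep -E '^CONFIG_RDS=' "$1" 2>/dev/null | head -n 1)" in
        CONFIG_RDS=y) echo builtin ;;
        CONFIG_RDS=m) echo module ;;
        *)            echo off ;;
    esac
}

# Succeed if a modprobe config file in directory $1 stops on-demand loading:
# "alias net-pf-21 off" (AF_RDS is protocol family 21) or "install rds /bin/false".
rds_autoload_blocked() {
    grep -Eqs '^[[:space:]]*(alias[[:space:]]+net-pf-21[[:space:]]+off|install[[:space:]]+rds[[:space:]]+/bin/(false|true))[[:space:]]*$' "$1"/*
}

# Succeed if kernel release $1 is 2.6.30 or later, where RDS was first included.
rds_in_release() {
    IFS=.- read -r maj min patch _ <<EOF
$1
EOF
    patch=${patch%%[!0-9]*}
    [ "${maj:-0}" -gt 2 ] && return 0
    [ "${maj:-0}" -eq 2 ] && [ "${min:-0}" -eq 6 ] && [ "${patch:-0}" -ge 30 ]
}

# Usage: rds_exposure CONFIG_FILE MODPROBE_DIR KERNEL_RELEASE
rds_exposure() {
    state=$(rds_config_state "$1")
    if ! rds_in_release "$3" || [ "$state" = off ]; then
        echo not-affected
    elif [ "$state" = module ] && rds_autoload_blocked "$2"; then
        echo autoload-blocked      # still install the vendor kernel update
    else
        echo needs-patch-check     # confirm the distribution's fix is installed
    fi
}

# Assumed Debian/Ubuntu-style locations for the running system.
rds_exposure "/boot/config-$(uname -r)" /etc/modprobe.d "$(uname -r)"
```

A result of `autoload-blocked` says nothing about a module that is already loaded, so check `lsmod` for `rds` as well; a built-in RDS (`CONFIG_RDS=y`) is not affected by modprobe settings at all.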
Talkback
Requires local access
All of which is lost on Linux advocates when it comes to Windows.
It sure would be nice if they could offer up some consistency with their arguments.
No, not a chance
P.S. Ubuntu corrected this on October 19 as part of one of its routine updates. Promptly solved, this is NOT an issue.
And do you have any idea what you're talking about? Obviously you have not.
RDS is a protocol used to allow intercommunication between servers that belong to the same cluster so...
Local access is REQUIRED in an exploit.
Hope you are able to understand what I wrote above. I'm not betting on it though.
When did Linux advocates start writing for ZDNet?
And it's nice of you to acknowledge Linux advocates aren't interested in the facts.
"There's no chance you will ever find consistency with their arguments against Linux (or yours), all you'll find is material to generate flame wars and consequently page hits."
Why are you so hard on Linux advocates all of a sudden?
"Ubuntu corrected this on October 19 as part of one of its routine updates. This is NOT an issue."
Which is completely irrelevant to the discussion.
Do you consider an SSH session with a shell local access?
And what of the privilege escalation vulnerabilities on Windows? I don't recall having seen you come to the defense of Windows when the Linux fanboys were faulting Windows for them.
@ye: I assumed you were including Narayne
RE: Linux kernel vulnerability coughs up superuser rights
Personally I do not see that as a good excuse for either OS. There's always SOMEBODY who needs access to a room or even the computer itself who you do not want having root access even if you do not mind that person having access to the locked down computer. That person may not want to bring down your system, but he may be tempted to take a quick peek at the payroll files if he thought he could get away with it.
Therefore, I am disappointed in Linux in general for letting this through. Likewise I am disappointed that the fix has been committed 6 days ago and we are just now hearing about it.
I don't see Ryan attempting to denigrate Linux
What I saw was a reporting of a vulnerability in Linux. Is that what you constitute "denigrating Linux"? If so you've set the bar extremely low.
@ye: Exactly! Ryan gave us another opportunity
another opportunity to show how silly are those claims against Linux.
Ryan Narayne is being good to Linux and we appreciate what he's doing.
I agree.
RE: Linux kernel vulnerability coughs up superuser rights
Smoke and mirrors
You have been deceived. On Linux as on Windows and OS X, local exploit is still severe because anyone who can use an exploit in Firefox (of which there are many, many!) will then run as a local user. So in a blended attack this is very severe. It will easily bypass apparmor etc.
It is a mistake (deceit) to believe that "local" means that you must have physical access.
That depends.
Linux apologists are having a major work out
Re: HUGE security hole
Yes, it is. But, unlike the usual situation with "secret sauce" Windows OS, in which you must wait for Microsoft to provide a patch, instructions to shut down RDF on unpatched systems are provided right in the VSR advisory. I've just typed the text file into my box -- and I'm about to restart.
My thanks to VSecurity, and the Linux team guys who worked with them!
No, you're thinking of "physical access".
Physical access is "Game Over". Local access is an unprivileged user.
Unprivileged user will be able to escalate right on the machine he is using
No remote exploits are possible. A malicious unprivileged user must already be an authorized user on that same machine.
Physical access is a NECESSARY CONDITION for a successful exploit.
No, it is not.
All that's necessary is to have a shell account which can be accessed remotely. Do you even understand UNIX?
@ye: Meaning you must be an AUTHORIZED user of that machine to start with