Two Vulnerabilities Uncovered in Linux Kernel

Kara Reeder

Two new Linux vulnerabilities have been uncovered.

 

Computerworld reports that there is a serious Linux kernel security hole that involves Reliable Datagram Sockets. As the article explains, RDS is

used for sending multiple messages from a single network socket to multiple end-points. The point of RDS is that you can use it to keep inter-process communication (IPC) going without timeouts when a system is running under very heavy loads.

The security hole was discovered by VSR Security. According to its security advisory:

Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.

A second vulnerability comes from a flaw in the library loader of the GNU C library that can be used to gain root privileges, according to PCWorld.com. This flaw was discovered by Tavis Ormandy. A patch is in the works for this low-impact vulnerability.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data