Two new Linux vulnerabilities have been uncovered.
Computerworld reports that there is a serious Linux kernel security hole that involves Reliable Datagram Sockets. As the article explains, RDS is
used for sending multiple messages from a single network socket to multiple end-points. The point of RDS is that you can use it to keep inter-process communication (IPC) going without timeouts when a system is running under very heavy loads.
The security hole was discovered by VSR Security. According to its security advisory:
Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.
A second vulnerability comes from a flaw in the library loader of the GNU C library that can be used to gain root privileges, according to PCWorld.com. This flaw was discovered by Tavis Ormandy. A patch is in the works for this low-impact vulnerability.