Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-21-2010, 11:42 PM   #1
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Exclamation Linux Kernel Flaw Coughs Up Root Rights

The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system.

The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included.

According to VSR Security, the research outfit that discovered the security hole, Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions.
Complete Article

Thanks to Slashdot for covering this.
Old 10-22-2010, 01:02 AM   #2
Senior Member
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
Yeah .. I tested this yesterday, pain in the bum. Here's a quick remediation for Red Hat based distros:

modprobe -r rds

cat <<EOF> /etc/modprobe.d/disable-rds.conf 
install net-pf-21 /bin/true
Old 10-22-2010, 08:10 AM   #3
LQ Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301
Interesting, however:

bash-4.1$ zcat /proc/config.gz | grep CONFIG_RDS
# CONFIG_RDS is not set
Old 10-22-2010, 08:30 AM   #4
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
Redhat's reference to this is at:

It references a bugzilla entry at Redhat. The security response to that says:


The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat
Enterprise MRG did not include support for the RDS Protocol, and therefore are
not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 5
may address this flaw.


For users that do not run applications that use RDS, you can prevent the rds
module from being loaded by adding the following entry to the end of the
/etc/modprobe.d/blacklist file:

blacklist rds

This way, the rds module cannot be loaded accidentally, which may occur if an
application that requires RDS is started. A reboot is not necessary for this
change to take effect but do make sure the module is not loaded in the first
place. You can verify that by running:

lsmod | grep rds

You may also consider removing the CAP_SYS_MODULE capability from the current
global capability set to prevent kernel modules from being loaded or unloaded.
The CAP_SYS_MODULE has a capability number of 16 (see linux/capability.h). The
default value has all the bits set. To remove this capability, you have to
clear the 16th bit of the default 32-bit value, e.g. 0xffffff ^ (1 << 16):

echo 0xFFFEFFFF > /proc/sys/kernel/cap-bound
Since CentOS is downstream of RHEL the above should be true for it as well.

If you're using Fedora you'd probably want to see what they say about it since they typically use higher kernel levels than RHEL.

On checking all my Linux systems I don't see rds loaded. I'm not sure what applications rely on rds but apparently we aren't running any currently.

Last edited by MensaWater; 10-22-2010 at 08:35 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Hole in Linux kernel provides root rights LXer Syndicated Linux News 0 09-17-2010 02:00 PM
Linux Kernel flaw? DOS when out of memory... browny_amiga Linux - Server 16 04-02-2009 06:13 AM
LXer: Dos flaw hits Linux kernel LXer Syndicated Linux News 0 05-04-2006 06:21 PM
Linux root rights dstjames Linux - Security 3 07-24-2004 05:27 AM
Flaw in su allows root access? system Linux - Security 2 12-19-2001 01:20 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:19 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration