Linux Root Access Vulnerabilities

US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges.



The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in Linux kernel versions 2.6.30 through 2.6.36-rc8. By sending a specially crafted socket function call, an attacker may be able to write arbitrary values into kernel memory and escalate privileges to root.



This vulnerability affects Linux installations where the CONFIG_RDS kernel configuration option is set and where there are no restrictions preventing unprivileged users from loading packet family modules. Reports indicate that this may be the default configuration and that a patch for this vulnerability has been committed to the Linux kernel. Users should apply any updates for their Linux distributions to help mitigate the risks. Additionally, reports indicate that preventing the RDS kernel module from loading is an effective workaround. This can be performed by executing the following command as root:

• echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds

The second vulnerability is due to a flaw in the library loader of the GNU C library. Exploitation of this vulnerability may allow an attacker to gain root privileges. Reports indicate that patches have not yet been released to address this issue.



US-CERT will provide additional information as it becomes available.