search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Linux kernel RDS protocol vulnerability

Vulnerability Note VU#362983

Original Release Date: 2010-10-25 | Last Revised: 2010-10-25

Overview

The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contain a local privilege escalation vulnerability.

Description

Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket call an unprivileged user can execute arbitrary code as root. Additional details can be found in the VSR Security Advisory.

Impact

An unprivileged local attacker can escalate their privileges to root.

Solution

Apply an update for the specific Linux distribution used.

If the RDS protocol is not needed, it can be disabled with the following command run as root.

echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds 

Vendor Information

362983
 
Affected   Unknown   Unaffected

Debian GNU/Linux

Updated:  October 25, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Updated:  October 25, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Updated:  October 25, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc.

Updated:  October 25, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Updated:  October 25, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Dan Rosenberg of Virtual Security Research for researching and publishing the details of this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2010-3904
Severity Metric: 20.84
Date Public: 2010-10-19
Date First Published: 2010-10-25
Date Last Updated: 2010-10-25 19:38 UTC
Document Revision: 12

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.