Linux kernel RDS protocol vulnerability

2010-10-25T00:00:00
ID VU:362983
Type cert
Reporter CERT
Modified 2010-10-25T00:00:00

Description

Overview

The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contain a local privilege escalation vulnerability.

Description

Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket call an unprivileged user can execute arbitrary code as root. Additional details can be found in the VSR Security Advisory.


Impact

An unprivileged local attacker can escalate their privileges to root.


Solution

Apply an update for the specific Linux distribution used.


If the RDS protocol is not needed, it can be disabled with the following command run as root.

echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds``


Vendor Information

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Debian GNU/Linux| | -| 25 Oct 2010
Gentoo Linux| | -| 25 Oct 2010
Red Hat, Inc.| | -| 25 Oct 2010
Slackware Linux Inc.| | -| 25 Oct 2010
Ubuntu| | -| 25 Oct 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.vsecurity.com/resources/advisory/20101019-1/>

Credit

Thanks to Dan Rosenberg of Virtual Security Research for researching and publishing the details of this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2010-3904
  • Date Public: 19 Oct 2010
  • Date First Published: 25 Oct 2010
  • Date Last Updated: 25 Oct 2010
  • Severity Metric: 20.84
  • Document Revision: 12