A kernel security hole is being sensationalized yet again, on this:
http://www.h-online.com/open/news/it...s-1122180.html
and many other sites. It seems that Linux security holes are big news. That can only be because they are so UNCOMMON. But, there is a fly in the ointment ...
Attackers can exploit the hole to get complete control remotely once they have broken into the system.
Notice the key phrase: "once they have broken into the system"
Rainer Weikusat remarks:
The message doesn't contain the exploit code but the memory address of the exploit code. The recvmsg call caused that to be written into the 'ioctl' slot of the 'method table' associated with the socket, and a subsequent ioctl call using this socket then causes the kernel to execute the exploit code.
This, of course, means that, in order to exploit this 'remotely' ... the attacker must be able to write the exploit code into memory on the target machine, transfer the address of the exploit code to the 'attacking' machine, send it back to the target in order to overwrite the function pointer in the kernel and then execute the ioctl call triggering the actual exploit on the target machine.
That bold print means that the remote attacker needs yet another remote exploit to use the RDS exploit. This effectively reduces the problem to one of a local exploit and the need to trust your users and keep your machines physically secure. Another tempest in a teapot.
The fix has already been added to the kernel. If you think your Linux server is vulnerable then you can use this method as a temporary fix:
echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds (as root)
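As an added check, not part of the post or of Rainer Weikusat's remarks, here is a small C program that asks the kernel for a PF_RDS socket: with the alias line above in place and the module not yet loaded, the request fails with EAFNOSUPPORT, which is how you confirm the temporary fix took effect. The value 21 for AF_RDS is taken from the "net-pf-21" alias; the enum and function names are my own.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Protocol family 21 is the "net-pf-21" the modprobe alias in the post switches
   off; older libc headers lack AF_RDS, so define it from that number. */
#ifndef AF_RDS
#define AF_RDS 21
#endif

enum rds_status { RDS_UNAVAILABLE = 0, RDS_AVAILABLE = 1, RDS_UNKNOWN = 2 };

/* Interpret a socket() result. Side-effect free so it can be tested with
   constructed values; the live probe feeds it the real fd and errno. */
enum rds_status classify_rds_probe(int fd, int err)
{
    if (fd >= 0)
        return RDS_AVAILABLE;   /* kernel has RDS, or autoloaded it just now */
    if (err == EAFNOSUPPORT || err == EPROTONOSUPPORT)
        return RDS_UNAVAILABLE; /* family not registered and autoload refused */
    return RDS_UNKNOWN;         /* e.g. EPERM from a seccomp filter */
}

/* Request an RDS socket. This is the very request that makes the kernel try to
   load the module, so it exercises exactly the path the alias line blocks. */
enum rds_status probe_rds(int *err_out)
{
    int fd = socket(AF_RDS, SOCK_SEQPACKET, 0);
    int err = (fd < 0) ? errno : 0;

    if (fd >= 0)
        close(fd);              /* do not keep the socket open */
    if (err_out)
        *err_out = err;
    return classify_rds_probe(fd, err);
}

int main(void)
{
    int err = 0;
    enum rds_status s = probe_rds(&err);
    const char *txt = (s == RDS_AVAILABLE) ? "available"
                    : (s == RDS_UNAVAILABLE) ? "not available" : "unknown";

    printf("PF_RDS (%d) socket: %s (errno %d: %s)\n", AF_RDS, txt, err, strerror(err));
    return s == RDS_AVAILABLE ? 1 : 0;  /* non-zero exit: RDS still reachable */
}
```

A result of "available" means the module is already loaded or still autoloadable, so the alias line alone does not protect that host until the module is unloaded or the patched kernel is booted.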