Security researchers have disclosed a vulnerability in the Linux operating system that allows unprivileged users to gain “superuser” rights on target systems.

The bug in the Linux implementation of RDS, or reliable datagram sockets, protocol can be exploited by local users by sending specially manipulated packets that write certain values into kernel memory, according to VSR Security, the firm that disclosed the vulnerability. The issue was introduced into the Linux kernel in version 2.6.30, when RDS was first added.

A fix for the bug was committed last week by Linus Torvalds.

A second Linux security bug resided in the GNU C library, but it is “a low impact vulnerability that is only of interest to security professionals and system administrators,” according to Tavis Ormandy, who discovered it. ®

Related stories

• Updated Kernel.org Linux repository rooted in hack attack (31 August 2011)
• Die-hard bug bytes Linux kernel for second time (15 September 2010)
• Update kills code-execution threat in Samba (14 September 2010)
• Linux kernel purged of five-year-old root access bug (19 August 2010)
• Linux devs exterminate security bugs from kernel (11 December 2009)
• Linux kernel cured of remote panic-attack bug (3 December 2009)