The Register® — Biting the hand that feeds IT

Feeds

Linux bug bestows attackers with 'superuser' powers

  • alert
  • print
  • tweet

Fix coming

Free whitepaper – Enabling Datacenter and Cloud Service Management for Mid-Tier Enterprises

Security researchers have disclosed a vulnerability in the Linux operating system that allows unprivileged users to gain “superuser” rights on target systems.

The bug in the Linux implementation of RDS, or reliable datagram sockets, protocol can be exploited by local users by sending specially manipulated packets that write certain values into kernel memory, according to VSR Security, the firm that disclosed the vulnerability. The issue was introduced into the Linux kernel in version 2.6.30, when RDS was first added.

A fix for the bug was committed last week by Linus Torvalds.

A second Linux security bug resided in the GNU C library, but it is “a low impact vulnerability that is only of interest to security professionals and system administrators,” according to Tavis Ormandy, who discovered it. ®

Free whitepaper – Enabling Datacenter and Cloud Service Management for Mid-Tier Enterprises

Sign up, sign up for The Register's weekly IT security newsletter - click here