MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
rds
Search

Severe Linux Kernel Flaw Found In RDS

Saturday May 18, 2019. 11:34 PM , from Slashdot
jwhyche (Slashdot reader #6,192) shared this article from Sophos:
Linux systems running kernels prior to 5.0.8 require patching after news emerged of a high-severity flaw that could be remotely exploited.

According to the NIST advisory, CVE-2019-1181 is a race condition affecting the kernel's rds_tcp_kill_sock in net/rds/tcp.c 'leading to a use-after-free, related to net namespace cleanup.' The RDS bit refers to systems running the Reliable Datagram Sockets (RDS) for the TCP module, which means only systems that run applications using this are affected.

The attention-grabbing part is that this opens unpatched systems to remote compromise and denial of service without the need for system privileges or user interaction. On the other hand, the attack complexity is described as 'high', and any such attack would need to be launched from the local network.

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/NbdLjPNp9xE/severe-linux-kernel-flaw-found-in-rds
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Thu 28 - 17:46 CET