An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
May 18, 2019 09:34 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NbdLjPNp9xE/severe-linux-kernel-flaw-found-in-rds
Severe Linux Kernel Flaw Found In RDS
jwhyche (Slashdot reader #6,192) shared this article from Sophos:Linux systems running kernels prior to 5.0.8 require patching after news emerged of a high-severity flaw that could be remotely exploited. According to the NIST advisory, CVE-2019-1181 is a race condition affecting the kernel's rds_tcp_kill_sock in net/rds/tcp.c "leading to a use-after-free, related to net namespace cleanup." The RDS bit refers to systems running the Reliable Datagram Sockets (RDS) for the TCP module, which means only systems that run applications using this are affected. The attention-grabbing part is that this opens unpatched systems to remote compromise and denial of service without the need for system privileges or user interaction. On the other hand, the attack complexity is described as 'high', and any such attack would need to be launched from the local network.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NbdLjPNp9xE/severe-linux-kernel-flaw-found-in-rds
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot