Dismiss this notice
Avast Premier Photo Caption - [Only registered and activated users can see links Click here to register]

Dismiss this notice
FastestVPN Accounts Giveaway - [Only registered and activated users can see links Click here to register]


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP
#1
Quote:A memory corruption vulnerability recently found in Linux Kernel’s implementation of RDS over TCP could lead to privilege escalation. 
 
Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module.
 
The issue, a NIST [Only registered and activated users can see links Click here to register] reveals, is a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c. The bug leads to a use-after-free, related to net namespace cleanup, the advisory reveals. 
 
“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” the Red Hat advisory on this bug [Only registered and activated users can see links Click here to register]

Apparently, the vulnerability can be exploited over the network and requires no privileges or user interaction, although the complexity of a successful attack is rather high. An attacker could abuse the issue to access restricted information or cause denial of service. 

SOURCE: [Only registered and activated users can see links Click here to register]
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
RogueKiller V13.4.4
V13.4.4 09/16/2019...harlan4096 — 12:50
Avast Blog_Security News: U.S. sanctions...
Can threats to ...harlan4096 — 07:44
Avast Blog_Security News: DDoS attack fo...
Plus, a BEC bus...harlan4096 — 07:41
How Deepfakes Can Ruin Your Business
And How You Can...harlan4096 — 07:33
64-Core AMD EPYC Rome Achieves World's F...
On Friday, Beam...harlan4096 — 07:26

[-]
Birthdays
Today's Birthdays
avatar (42)rarinsWax
Upcoming Birthdays
avatar (32)fapedDow
avatar (42)pohudidere
avatar (32)eqiduseb
avatar (39)ThomasLYDAY
avatar (34)upakoExapy
avatar (43)skepwHug
avatar (32)RicardoGoase
avatar (37)Denpokhew
avatar (29)azidony
avatar (34)maskbSleew

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>