Serious Linux Security Hole Found in Kernel

by Developer.com Staff

Oracle RDS was added to the Linux kernel in 2.6.30. Since then, hackers have had the ability to root your box.

Reliable Datagram Sockets was created by Oracle.

According to Oracle, RDS provides "in order, non-duplicating, highly available, low overhead, reliable delivery of datagrams between hundreds of thousands of non-connected endpoints."

And now it's killing Linux.

Well, it's not killing Linux, but it has created a really awful security hole. Since kernel 2.6.30, when RDS was included, any remote hacker has been able to gain root access on your Linux server.

This hole only affects machines running RDS, but it's still a serious problem. Linus Torvalds has a patch available if you want to recompile your kernel by hand, or you can wait for the upstream distributions to push out the fix.

This article was originally published on Friday Oct 22nd 2010