Serious Linux Security Hole Found in Kernel

Friday Oct 22nd 2010 by Developer.com Staff

Oracle RDS was added to the Linux kernel in 2.6.30. Since then, hackers have the ability to root your box.

Reliable Datagram Sockets was created by Oracle.

According to Oracle, RDS provides "in order, non-duplicating, highly available, low overhead, reliable delivery of datagrams between hundreds of thousands of non-connected endpoints."

And now it's killing Linux.

Well, it's not killing Linux, but it has created a really awful security hole. Since kernel 2.6.30 when RDS was included, any remote hacker has been able to gain root access on your Linux server.

This hole only effects machines running RDS, but it's still a serious problem. Linus Torvalds has a patch available if you want to recompile your kernel by hand, or you can wait for the upstream distributions to push out the fix.

Mobile Site | Full Site