posted by martyb on Tuesday May 14 2019, @04:30PM
from the does-this-also-affect-Android? dept.

Submitted via IRC for AnonymousLuser:

Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution

Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability that leads to a use-after-free during net namespace cleanup, exposing vulnerable systems to remote attacks.

Potential attackers could exploit the security flaw found in the Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines.

The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.

The remotely exploitable vulnerability has been assigned an 8.1 high severity base score by NIST's NVD. It is being tracked as CVE-2019-11815 (Red Hat, Ubuntu, SUSE, and Debian), and it could be abused by unauthenticated attackers without interaction from the user.

Luckily, because the attack complexity is high, the vulnerability received an exploitability score of 2.2 while the impact score is limited to 5.9.

[...] The Linux kernel developers issued a patch for the CVE-2019-11815 issue in late March and fixed the flaw in the Linux kernel 5.0.8 version released on April 17.


  • (Score: 3, Interesting) by sshelton76 on Tuesday May 14 2019, @05:45PM (1 child)


    Ok, so I'm looking at the patch and its description
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/?id=cb66ddd156203daefb8d71158036b27b0e2caf63 [kernel.org]

    It seems to me like this is something that would be caught and killed with apparmor or selinux policies in place.
    I'm looking for confirmation of my theory, but escalation to kernel mode from user space is one of the things those are designed to catch.

    I'm also quite shocked at how tiny this patch is. It's literally just removing one OR comparator from an IF statement along with a total of about 13 bytes.
    Considering how tiny this change is, I'm willing to bet the flaw literally dates back to Linus's junior high days.

  • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @05:32AM


    Why are you speculating about the origin of the code instead of looking at git blame? You bothered to look at the patch itself so I don't get why you didn't just put another ten seconds on analyzing it.

    The vulnerability was introduced in commit 467fa15356acfb7b which is Oracle code from 2015 and just concerns using reliable data sockets with network namespaces. You are very likely not using this anyway and you probably don't even have the vulnerable rds_tcp module loaded.
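The story gives the fix version (mainline 5.0.8) and the comment above points out that the vulnerable code only matters if the rds_tcp module is actually loaded. The following exposure check is an added example, written for this page and not part of the story, the kernel patch, or either commenter's text. It combines those two facts: a dotted kernel version comparison against 5.0.8 and a scan of lsmod-style output for a resident rds_tcp module. The sample lsmod text and the three status strings (exposed, unpatched-module-not-loaded, patched) are constructed for the example.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2019-11815 on a Linux host.
# Two facts from the page drive it: the fix shipped in mainline 5.0.8, and the
# affected code path lives in the rds_tcp module, so a host where that module
# is not loaded is not reachable through it.

# version_lt A B: succeed (exit 0) if dotted kernel version A sorts before B.
# Strips a distro suffix such as "-generic" or "-arch1" and pads short versions
# ("5.0" is treated as 5.0.0), comparing the first three numeric components.
version_lt() {
    v1="${1%%-*}.0.0"
    v2="${2%%-*}.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        p1=$(printf '%s\n' "$v1" | cut -d. -f"$i")
        p2=$(printf '%s\n' "$v2" | cut -d. -f"$i")
        # keep only the leading digits so "8rc1" compares as 8
        p1=${p1%%[!0-9]*}; p2=${p2%%[!0-9]*}
        [ -n "$p1" ] || p1=0
        [ -n "$p2" ] || p2=0
        if [ "$p1" -lt "$p2" ]; then return 0; fi
        if [ "$p1" -gt "$p2" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # equal versions are not "less than"
}

# rds_tcp_loaded LSMOD_TEXT: succeed if a module line for rds_tcp is present.
rds_tcp_loaded() {
    printf '%s\n' "$1" | grep -q '^rds_tcp[[:space:]]'
}

# cve_2019_11815_exposure KERNEL_RELEASE LSMOD_TEXT: print one status word.
cve_2019_11815_exposure() {
    if ! version_lt "$1" "5.0.8"; then
        echo "patched"                       # mainline 5.0.8 or later
    elif rds_tcp_loaded "$2"; then
        echo "exposed"                       # old kernel, module resident
    else
        echo "unpatched-module-not-loaded"   # old kernel, code path not reachable
    fi
}

# Constructed lsmod output for demonstration (not captured from a real host).
SAMPLE_LSMOD_WITH_RDS='Module                  Size  Used by
rds_tcp                28672  0
rds                   106496  1 rds_tcp
ext4                  778240  1'
SAMPLE_LSMOD_WITHOUT_RDS='Module                  Size  Used by
ext4                  778240  1'

echo "4.19.37 with rds_tcp:    $(cve_2019_11815_exposure 4.19.37 "$SAMPLE_LSMOD_WITH_RDS")"
echo "4.19.37 without rds_tcp: $(cve_2019_11815_exposure 4.19.37 "$SAMPLE_LSMOD_WITHOUT_RDS")"
echo "5.0.8 with rds_tcp:      $(cve_2019_11815_exposure 5.0.8 "$SAMPLE_LSMOD_WITH_RDS")"

# Stand-alone use: assess the running host (skipped where lsmod is unavailable).
if command -v lsmod >/dev/null 2>&1; then
    echo "this host ($(uname -r)): $(cve_2019_11815_exposure "$(uname -r)" "$(lsmod 2>/dev/null || true)")"
fi
```

Two caveats apply when reading the result. The version comparison is only meaningful against a mainline or stable version string; the distributions named in the story (Red Hat, Ubuntu, SUSE, Debian) backport fixes into older-numbered kernels, so for a distro kernel the package changelog or the vendor advisory for CVE-2019-11815 is the authority, not `uname -r`. And the module check is a point-in-time snapshot: a module that is absent now can be autoloaded later, so where RDS is not needed the durable mitigation is to prevent the module from loading via modprobe configuration rather than to rely on it being unloaded.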