Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all.
This flaw could enable an attacker to compromise a system and vulnerability could be exploited by any remote attacker. They could do this with no privilege requirement over the network. There is no user interaction also required.
An attacker could exploit the following vulnerabilities:
These could trigger a DOS (Denial of Service) condition.
The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation vulnerability. The vulnerability only affects Linux kernels prior to 5.0.8, that use the Reliable Datagram Sockets (RDS) for the TCP module
“According to security experts a system that has the rds_tcp kernel module loaded either manually or automatically by a local process, could potentially allow an attacker to manipulate the socket state based on a Use-After-Free (UAF) condition, trigger the memory corruption and privilege escalation on the target system”, reads the security advisory published by the NIST.
Previous similar vulnerabilities:
2. Similar kind of issue was discovered by Google Project Zero’s Jann Horn in December 2016, which later
patched.
What should you do?
The problem has been patched in version 5.0.8 of the Linux kernel so, users can upgrade to a later kernel version.
If you can’t upgrade, or if you don’t want to deal with kernel compilations and dependencies, you may blacklist the “rds.ko” module.
Note: Right now, there have been no known cases of exploitation and the security experts consider this vulnerability to be very complicated to exploit but, admins or users should upgrade their Linux kernel version is the only preventive step.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-11815
https://access.redhat.com/security/cve/cve-2019-11815
Analysis by:
Swapnil Nigade and Ganesh Lakariya (Security Labs-QA)
2 Comments