Easy workaround for the RDS vulnerability
|
| Author | Content |
|---|---|
| caitlyn Oct 25, 2010 7:08 PM EDT |
The workaround for the RDS vulnerability is very easy and was done on my systems in nothing flat. Of course, I am not afraid of typing (or cutting and pasting) a single line in a terminal session as root. I wonder what those who fear and loathe and avoid the dreaded command line are going to do. |
| azerthoth Oct 25, 2010 7:20 PM EDT |
Took a look at this one in determining criticality for Sabayon. If RDS is built as a module then it takes user/admin interaction to load it as it's not among those that autoload themselves. This is dependent on if your distro of choice made that decision for you or not, or if they built it into the kernel. zcat /proc/config.gz | grep -i rds lsmod | grep -i rds This will let you know if you have to take action or not. If it's built in you do, if it's a module and it's loaded, you do. |
| tracyanne Oct 25, 2010 10:15 PM EDT |
that doesn't work on Mint, and I suspect Ubuntu |
| gus3 Oct 25, 2010 10:23 PM EDT |
I suspect it should be "RDS", all caps. |
| azerthoth Oct 26, 2010 12:50 AM EDT |
grep -i makes it case insensitive, not finding the running config TA? |
| tracyanne Oct 26, 2010 2:07 AM EDT |
/proc/config.gz doesn't exist. |
| caitlyn Oct 26, 2010 8:20 AM EDT |
tracyanne: The fix in the CERT article only disables RDS at boot. If Ubuntu doesn't enable RDS at boot by default the net effect would be zero. It's perfectly harmless to make the change and may block a vulnerability. If you can't test then it's best to go ahead and create the one line /etc/modprobe.d/disable-rds file. |
| tracyanne Oct 26, 2010 8:21 AM EDT |
thanks caitlyn |
| cabreh Oct 26, 2010 10:05 AM EDT |
Since Ubuntu has already released an updated kernel to cover this issue I expect nothing needs to be done. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!