Submitted via IRC for AnonymousLuser:
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.
Potential attackers could exploit the security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines.
The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.
The remotely exploitable vulnerability has been assigned a 8.1 high severity base score by NIST's NVD, it is being tracked as CVE-2019-11815 (Red Hat, Ubuntu, SUSE, and Debian) and it could be abused by unauthenticated attackers without interaction from the user.
Luckily, because the attack complexity is high, the vulnerability received an exploitability score of 2.2 while the impact score is limited to 5.9.
[...] The Linux kernel developers issued a patch for the CVE-2019-11815 issue during late-March and fixed the flaw in the Linux kernel 5.0.8 version released on April 17.
(Score: 4, Funny) by Anonymous Coward on Tuesday May 14 2019, @04:35PM (4 children)
Toldja you should be running Windows instead. [ducking head]
(Score: 1, Funny) by Anonymous Coward on Tuesday May 14 2019, @04:42PM (2 children)
Me: watching you get beat..."Look at my Unix based MacOS"
Throw what you want I'm in a walled garden mwahaha
(Score: 3, Informative) by edIII on Tuesday May 14 2019, @07:28PM (1 child)
Why? You're already in the walled garden. Damage done ;)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @04:30AM
Yup, pretty sure the last Tron movie showed how that idea goes.
(Score: 2) by bob_super on Tuesday May 14 2019, @09:18PM
> Toldja you should be running Windows instead. [ducking head]
Note to self : if worried I could get cooties from kissing that girl I like, the tradeoff is to pay to fuck the local whore bareback.