posted on Monday February 27 2017, @03:18AM
from the security-through-obscurity dept.

Another privilege-escalation vulnerability has been discovered in the Linux kernel. It dates back to 2005 and affects the major distributions of the Linux operating system, including Red Hat, Debian, openSUSE, and Ubuntu.

The over-a-decade-old Linux kernel bug (CVE-2017-6074) was discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using syzkaller, a kernel fuzzing tool released by Google.

The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket."

The DCCP double-free vulnerability could allow a local unprivileged user to alter Linux kernel memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on the system.

"An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel," the full disclosure mailing list post about the vulnerability reads.
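A defender's check for the preconditions of this bug, added here as an example and not part of the article or the disclosure: it reports whether the dccp module is currently loaded and whether a modprobe `install` override is in place (the module-disabling mitigation that distribution advisories recommended, which the page does not mention). The file paths and the sample /proc/modules lines are constructed so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the article or the CVE-2017-6074 disclosure).
# Paths are parameters so the checks can run against constructed inputs
# as well as the real /proc/modules and /etc/modprobe.d.

# dccp_loaded MODULES_FILE: returns 0 if the dccp module is loaded.
dccp_loaded() {
    grep -q '^dccp ' "$1"
}

# dccp_blacklisted MODPROBE_DIR: returns 0 if a modprobe.d rule replaces
# loading of dccp with a no-op. The "install dccp /bin/true" form is what
# distribution advisories recommended, because a plain "blacklist" line
# only affects alias-based autoloading and not dependency loading.
dccp_blacklisted() {
    grep -qsE '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)' "$1"/*.conf
}

# dccp_status MODULES_FILE MODPROBE_DIR: prints one of
# loaded / mitigated / autoloadable.
dccp_status() {
    if dccp_loaded "$1"; then
        echo "loaded"
    elif dccp_blacklisted "$2"; then
        echo "mitigated"
    else
        echo "autoloadable"
    fi
}

# write_mitigation MODPROBE_DIR: drops the install override into the
# modprobe.d directory (assumed file name disable-dccp.conf).
write_mitigation() {
    printf 'install dccp /bin/true\n' > "$1/disable-dccp.conf"
}

# Constructed sample inputs (format mirrors /proc/modules: name size refcount deps state address).
tmp=$(mktemp -d)
printf 'dccp_ipv4 24576 0 - Live 0x0\ndccp 65536 1 dccp_ipv4, Live 0x0\n' > "$tmp/modules_loaded"
printf 'ext4 716800 1 - Live 0x0\n' > "$tmp/modules_clean"
mkdir -p "$tmp/modprobe.d" "$tmp/modprobe_empty"
printf 'install dccp /bin/true\n' > "$tmp/modprobe.d/dccp.conf"

dccp_status "$tmp/modules_loaded" "$tmp/modprobe.d"      # loaded: module already in the kernel
dccp_status "$tmp/modules_clean"  "$tmp/modprobe.d"      # mitigated
dccp_status "$tmp/modules_clean"  "$tmp/modprobe_empty"  # autoloadable: an unprivileged socket() would load it
```

On a live host, run `dccp_status /proc/modules /etc/modprobe.d`; a "loaded" verdict means the override alone is not enough until the module is unloaded or the host rebooted.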

  • (Score: 2, Funny) by Whoever on Monday February 27 2017, @03:49AM (1 child)

    by Whoever (4524) on Monday February 27 2017, @03:49AM (#472095) Journal

    Doesn't bother me. I'm running 2.4.x.

  • (Score: 1, Interesting) by Anonymous Coward on Monday February 27 2017, @05:37AM (7 children)

    by Anonymous Coward on Monday February 27 2017, @05:37AM (#472107)

    You'd think something like the Linux kernel would have inspired someone to design and build a development environment that caters to providing abstractions, efficiency, and provable guarantees for low-level system programming. Alas, what we get instead is a hodgepodge of C99 code strung together with a masturbatory framework of textual macros.

    "Did you test this code?"

    "Yeah, sure; I mean, no one has complained so far..."

    • (Score: 0) by Anonymous Coward on Monday February 27 2017, @05:46AM (4 children)

      by Anonymous Coward on Monday February 27 2017, @05:46AM (#472108)

      Those kinds of intermediaries lead to laziness like what recently struck Cloudflare.

      • (Score: 0) by Anonymous Coward on Monday February 27 2017, @06:00AM (3 children)

        by Anonymous Coward on Monday February 27 2017, @06:00AM (#472116)

        That's the kind of shit that a computer can check for you; if your computer is not doing a computer's work, then the design of your system is lazy.

        • (Score: 0) by Anonymous Coward on Monday February 27 2017, @10:07AM (2 children)

          by Anonymous Coward on Monday February 27 2017, @10:07AM (#472194)

          if your computer is not doing a computer's work, then the design of your system is lazy.

          My computer is doing a human's work. I am lazy, not my system.

          • (Score: 0) by Anonymous Coward on Monday February 27 2017, @03:02PM (1 child)

            by Anonymous Coward on Monday February 27 2017, @03:02PM (#472293)

            If your computer can do it, then it becomes a computer's work, not a human's work.

            • (Score: 0) by Anonymous Coward on Monday February 27 2017, @05:45PM

              by Anonymous Coward on Monday February 27 2017, @05:45PM (#472398)

              Some computers are human, you insensitive clod!

    • (Score: 2) by stretch611 on Monday February 27 2017, @07:23PM

      by stretch611 (6199) on Monday February 27 2017, @07:23PM (#472460)

      Yes, this problem and the lack of full testing exist in the Linux kernel.

      Developers are not very good at testing their own code. This happens regardless of whether or not it is open source or closed source. Even the ones who take the time to actually test generally only test things that they feel might be impacted and rarely run full suites of tests.

      Even though the premise of open source is that anyone can look at the code and modify it, the fact is very few people at all actually do this. However, there is still a benefit to open source... Even if the original developer of the code is no longer around or just doesn't care, the source is available for others (including the possibility of the security researcher) to grab the source code and fix it themselves and share it with the community.

      --
      Now with 5 covid vaccine shots/boosters altering my DNA :P
    • (Score: 3, Informative) by pvanhoof on Monday February 27 2017, @07:25PM

      by pvanhoof (4638) on Monday February 27 2017, @07:25PM (#472462) Homepage

      You could add tests for the faults that were found using these two frameworks:

      https://github.com/linux-test-project/ltp
      http://autotest.github.io/
