DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 20th April 2017
beiroot beiroot is offline
Shell Scout
 
Join Date: Sep 2016
Posts: 86
Default RCE in Linux Kernel via UDP packet

Ok, so most of you probably already know this:

https://www.cvedetails.com/cve/CVE-2016-10229/

What do you think of this bug?

I read a puzzling comment on one of the sec forums saying something like "it's not a bug, it's an NSA backdoor. A good programmer would never write a code in such a stupid manner. I really wonder why Linus would let such bug through."

I am not a kernel, nor a C developer myself, so I can't really comment whether this is reasonable or just a buffoonery. What do you think?

And my final question is, half a joke half seriously, why such a bug is not possible in OpenBSD kernel?

Last edited by beiroot; 20th April 2017 at 03:17 PM. Reason: typo
Reply With Quote
  #2   (View Single Post)  
Old 20th April 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 636
Default

https://twitter.com/taviso/status/852571815079591936
https://plus.google.com/+EricDumazet/posts/ZQie5XjAic2
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #3   (View Single Post)  
Old 21st April 2017
beiroot beiroot is offline
Shell Scout
 
Join Date: Sep 2016
Posts: 86
Default

ok...and?
Reply With Quote
  #4   (View Single Post)  
Old 21st April 2017
blackhole's Avatar
blackhole blackhole is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 337
Default

Quote:
Originally Posted by beiroot View Post
What do you think of this bug?
It seems serious enough.

Quote:
Originally Posted by beiroot View Post
I read a puzzling comment on one of the sec forums saying something like "it's not a bug, it's an NSA backdoor. A good programmer would never write a code in such a stupid manner. I really wonder why Linus would let such bug through."
Sounds like "buffoonery". Forums and social network sites are usually low on fact and high on FUD.

If it were an "NSA backdoor", it would have been noticed.

RHEL's kernel wasn't affected because apparently that code wasn't implemented: https://bugzilla.redhat.com/show_bug.cgi?id=1439740

It shouldn't affect any OS which doesn't use the Linux kernel's ipv4 stack.

It's patched upstream of course, but all of the phones, smart devices and domestic home networking hardware and miscellaneous embedded stuff will probably still go unpatched by the vendor/user.

This one is another example of where the old "given enough eyeballs, all bugs are shallow" falls down (Heartbleed and ShellShock being more notable ones).

Last edited by blackhole; 21st April 2017 at 12:00 PM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Other The ~200 Line Linux Kernel Patch That Does Wonders TerryP News 19 28th November 2010 08:41 PM
ZFS for the Linux kernel J65nko News 0 7th June 2010 06:43 PM
Remote debugging Linux kernel Mr-Biscuit Other BSD and UNIX/UNIX-like 0 11th December 2008 04:46 AM
FreeBSD 7.1 kernel incompatible with a linux program map7 FreeBSD Installation and Upgrading 7 5th November 2008 11:17 PM
Linux Kernel map TerryP Other BSD and UNIX/UNIX-like 2 1st July 2008 05:33 AM


All times are GMT. The time now is 04:50 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick