RCE in Linux Kernel via UDP packet
Ok, so most of you probably already know this:
https://www.cvedetails.com/cve/CVE-2016-10229/

What do you think of this bug? I read a puzzling comment on one of the sec forums saying something like "it's not a bug, it's an NSA backdoor. A good programmer would never write code in such a stupid manner. I really wonder why Linus would let such a bug through."

I am neither a kernel nor a C developer myself, so I can't really comment on whether this is reasonable or just buffoonery. What do you think?

And my final question, half joking, half serious: why is such a bug not possible in the OpenBSD kernel?

Last edited by beiroot; 20th April 2017 at 03:17 PM. Reason: typo
https://twitter.com/taviso/status/852571815079591936
https://plus.google.com/+EricDumazet/posts/ZQie5XjAic2
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
ok...and?
It seems serious enough.
Quote:
If it were an "NSA backdoor", it would have been noticed.

RHEL's kernel wasn't affected because apparently that code wasn't implemented: https://bugzilla.redhat.com/show_bug.cgi?id=1439740

It shouldn't affect any OS which doesn't use the Linux kernel's ipv4 stack. It's patched upstream of course, but all of the phones, smart devices and domestic home networking hardware and miscellaneous embedded stuff will probably still go unpatched by the vendor/user.

This one is another example of where the old "given enough eyeballs, all bugs are shallow" falls down (Heartbleed and ShellShock being more notable ones).

Last edited by blackhole; 21st April 2017 at 12:00 PM.