Linux kernel gets patch for 11-year-old local-root-hole security bug

Eleven years ago or thereabouts, the Linux kernel got support for the Datagram Congestion Control Protocol – and also got a privilege escalation bug that has just been fixed. Like basically every root hole, this flaw can be potentially exploited by software on a vulnerable device, or logged-in users, to gain root-level access …

  1. Steve Aubrey

    SKB?

    And here I thought that SKB stood for Stan Kelly-Bootle https://en.wikipedia.org/wiki/Stan_Kelly-Bootle, author of The Devil's DP Dictionary.

    downtime n. The period during which a system is error-free and immune from user input. Compare UPTIME. See also CRASH.

    1. DonL

      Re: SKB?

      "downtime n. The period during which a system is error-free and immune from user input. Compare UPTIME. See also CRASH."

      No need for that anymore with kernel live patching. Canonical offers it for up to 3 servers for free and Kernelcare.com is so affordable that the hassle to manually update and reboot isn't worthwhile anymore.

  2. Anonymous Coward

    Eleven year old security bug

    "The bug was found with syzkaller", a Linux syscall fuzzer.

    '2017-02-15: Bug reported to security () kernel org

    2017-02-16: Patch submitted to netdev

    2017-02-17: Patch committed to mainline kernel

    2017-02-18: Notification sent to linux-distros

    2017-02-22: Public announcement'

    1. Wensleydale Cheese

      Re: Eleven year old security bug

      2017-02-23 Security update for Linux kernel containing this patch (and others) arrives for latest stable version of openSUSE:

      • CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. (bsc#1026024).
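      The advisory above describes a local attack surface that exists only if the DCCP module can be loaded. For hosts that cannot yet reboot onto a fixed kernel, the published workaround was to stop the module from loading at all with an `install dccp /bin/true` override. The script below is an added example, not code from this thread, the kernel project or any distribution: it checks a modprobe.d configuration and a /proc/modules listing for that state, with constructed sample inputs so the two predicates can be exercised offline. It assumes standard modprobe.d syntax and the standard /proc/modules layout.

```shell
#!/bin/sh
# Added example (not from the thread or the kernel project).
# Defensive check for CVE-2017-6074 exposure: verify that the dccp module
# is neither loaded nor loadable on demand.

# Returns 0 if the modprobe.d text disables DCCP with an "install" override.
# A plain "blacklist dccp" is deliberately NOT accepted: blacklist only stops
# alias-based loading at boot, while a socket(AF_INET6, SOCK_DCCP, 0) call
# still triggers request_module() and pulls the module in.
dccp_install_disabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)([[:space:]]|$)'
}

# Returns 0 if /proc/modules-style text shows dccp, dccp_ipv4 or dccp_ipv6 loaded.
dccp_loaded() {
    printf '%s\n' "$1" | grep -Eq '^dccp(_ipv4|_ipv6)?[[:space:]]'
}

# Live check against the real system. Prints one line per finding and
# returns 0 only when DCCP is both unloaded and disabled for autoload.
check_host() {
    dir=${1:-/etc/modprobe.d}
    conf=$(cat "$dir"/*.conf 2>/dev/null)
    mods=$(cat /proc/modules 2>/dev/null)
    rc=0
    if dccp_loaded "$mods"; then
        echo "dccp module is currently loaded"
        rc=1
    fi
    if dccp_install_disabled "$conf"; then
        echo "dccp autoload disabled via install override in $dir"
    else
        echo "dccp autoload NOT disabled in $dir (add: install dccp /bin/true)"
        rc=1
    fi
    return $rc
}

# Constructed samples (not captured from a real host) for offline use.
WEAK_CONF='blacklist dccp'
STRONG_CONF='# CVE-2017-6074 mitigation
install dccp /bin/true'
MODULES_SAMPLE='dccp_ipv6 28672 0 - Live 0x0000000000000000
dccp 90112 1 dccp_ipv6, Live 0x0000000000000000'

# Run with --demo to see the predicates on the samples; with --host to
# inspect the machine the script runs on.
if [ "${1:-}" = "--demo" ]; then
    dccp_install_disabled "$WEAK_CONF"   && echo "weak conf: disabled"   || echo "weak conf: NOT disabled"
    dccp_install_disabled "$STRONG_CONF" && echo "strong conf: disabled" || echo "strong conf: NOT disabled"
    dccp_loaded "$MODULES_SAMPLE"        && echo "sample modules: dccp loaded"
elif [ "${1:-}" = "--host" ]; then
    check_host
fi
```

      The `blacklist` versus `install` distinction is the part worth remembering: a blacklist line looks like a mitigation in an audit but does not stop on-demand loading from a socket call, which is exactly the path a local user would take.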

    2. Hans 1

      Re: Eleven year old security bug

      Please, you must stop, I beg you ... here I am, still waiting to patch Windows boxen for this.

      "2016-11-16: Bug reported to MS

      2016-11-17: Nothing

      2016-11-18: Nothing

      2016-11-19: Nothing

      [...]

      2017-02-20: Bug reported to the whole world

      2017-02-21: Nothing

      2017-02-22: Nothing

      2017-02-23: ...

      Note: This Linux bug and that Windows bug are very similar, in both cases, you get to memory ... one poses a higher risk afaik, though, as, well, anything on one of our Windows clients/servers accessing a silly image could have our forest 0wned ... imagine, email with embedded image :=> 0wned ....

      Staff, STOP LOOKING AT CAT images, NOW!

      MS, a fix ... please ?

      1. Kiwi

        Re: Eleven year old security bug

        Please, you must stop, I beg you ... here I am, still waiting to patch Windows boxen for this.

        But don't you know that means Windows is more secure? I mean the Windows one requires someone to go to the extent of emailing a picture to any Windows machine, whereas the Linux one requires some knowledge of programming and sufficient local access (programmatically or direct) to gain privilege escalation. Why, with every user being an admin by default, the whole issue of priv escalation has been completely done away with in Windows! Obviously Windows is way more secure than Linux.

        And what makes Windows even more secure is that the Linux bug is already patched while the Windows one hasn't even been publicly acknowledged! That just proves how much more secure Windows is and also proves how much faster MS patches critical bugs!

        Furthermore...POP

        Er, sorry folks. My bullshit generator got a bit clogged. An excess of MS-FUD seems to have cleared it though. Sorry about the mess...

  3. Adam 1

    > DCCP code cockup lay unnoticed since 2005

    DCCP code cockup is not known to have been noticed since 2005. TFTFY.

  4. TeeCee

    Hmm.

    dccp_v6_conn_request

    I wonder if there's also a dccp_v4_conn_request in there? If so and that hasn't got the same issue, that would go a long way toward explaining why nobody noticed this 'til very recently.

    Anyone?

  5. s2bu

    Crazily enough, 4.9.12 was just released today and yet it doesn't appear to have the fix in it!

  6. DougS

    Does this require IPv6?

    That would reduce the vulnerable population quite significantly, since most machines don't have IPv6 routed to them even if it is left enabled.

Biting the hand that feeds IT © 1998–2019