Another Lingering Linux Kernel Security Flaw

The laudable notion that open source software is eminently review-able and therefore safer than it's closed source alternatives received another dent when an 11-year-old flaw was discovered in the Linux kernel (with patches now being distributed). This has happened before with Linux, too - Heartbleed, Shellshock and Ghost come to mind in recent years.

I don't think it's untrue that the open source concept is a good one, but I also think proponents need to be a little less self-assured given the recent evidence.
While it cannot be exploited remotely, this sort of bug can be combined with other flaws that give remote hackers access to a lower privileged account on a system.
For the flaw to be exploitable, the kernel needs to be built with the CONFIG_IP_DCCP option. Many distributions use kernels built with this option, but some don’t.

No comments:

Post a Comment