Another Lingering Linux Kernel Security Flaw

The laudable notion that open source software is eminently review-able and therefore safer than it's closed source alternatives received another dent when an 11-year-old flaw was discovered in the Linux kernel (with patches now being distributed). This has happened before with Linux, too - Heartbleed, Shellshock and Ghost come to mind in recent years.

I don't think it's untrue that the open source concept is a good one, but I also think proponents need to be a little less self-assured given the recent evidence.
While it cannot be exploited remotely, this sort of bug can be combined with other flaws that give remote hackers access to a lower privileged account on a system.
For the flaw to be exploitable, the kernel needs to be built with the CONFIG_IP_DCCP option. Many distributions use kernels built with this option, but some don’t.
TechEye


Comments

Popular posts from this blog

VPN Use Is Up, Up, Up

Microsoft's Mild Mea Culpa Over Windows 10 Obscure Upgrade "Choice"

Q4OS Linux On An Old Windows Laptop