Linux developer Andrey Konovalov has released a fix for an 11-year
old bug in Linux kernel. The security hole is in the support for
Datagram Congestion Control Protocol (DCCP) that was introduced in 2005.
The flaw can be exploited by malicious software on a vulnerable device or gain root-level access when users logged into their accounts. Once reached through a backdoor, attackers can leverage the vulnerability to compromise the system and even acquire a box from a connected network or Internet. Moreover, the programing blunder is in how DCCP code handles a socket buffer (skb).
MORE
The flaw can be exploited by malicious software on a vulnerable device or gain root-level access when users logged into their accounts. Once reached through a backdoor, attackers can leverage the vulnerability to compromise the system and even acquire a box from a connected network or Internet. Moreover, the programing blunder is in how DCCP code handles a socket buffer (skb).
MORE