Tuesday, 5 September 2017

Linux kernel gets fix for 11-year-old root hole in DCCP code

Linux developer Andrey Konovalov has released a fix for an 11-year old bug in Linux kernel. The security hole is in the support for Datagram Congestion Control Protocol (DCCP) that was introduced in 2005.

The flaw can be exploited by malicious software on a vulnerable device or gain root-level access when users logged into their accounts. Once reached through a backdoor, attackers can leverage the vulnerability to compromise the system and even acquire a box from a connected network or Internet. Moreover, the programing blunder is in how DCCP code handles a socket buffer (skb).

MORE