Another Linux Kernel Vulnerability Leading To Local Root From Unprivileged Processes


  • #11
    How can this be prevented in the future?
    Is there any static analysis tool that detects double-free vulnerabilities?
    Can things like DCCP or the network stack be sandboxed?



    • #12
      The fix is available in 4.10 (as in, already there, not that it will come in 4.10.1 or something like that): https://github.com/torvalds/linux/co...55ef99d9798ba4



      • #13
        Originally posted by chithanh
        Gentoo here, don't remember enabling that option.
        Code:
        $ zgrep DCCP /proc/config.gz
        # CONFIG_IP_DCCP is not set
        And lo, it helps again to leave out all the functions you don't need.
        Same here. I love Gentoo.



        • #14
          Originally posted by chithanh
          Gentoo here, don't remember enabling that option.
          Code:
          $ zgrep DCCP /proc/config.gz
          # CONFIG_IP_DCCP is not set
          And lo, it helps again to leave out all the functions you don't need.
          Same here. GENTOO RULEZ



          • #15
            Indeed, it's not in my hardened Gentoo box either.
            I also found out that I can't use dmidecode on it now, with the recent GRSec updates. Interesting, and probably quite nice for security.



            • #16
              Originally posted by chithanh
              Gentoo here, don't remember enabling that option.
              Code:
              $ zgrep DCCP /proc/config.gz
              # CONFIG_IP_DCCP is not set
              And lo, it helps again to leave out all the functions you don't need.
              Ditto Here



              • #17
                I'm guessing it is far from only this one; Debian 8 today received various (14) kernel CVE fixes that affect many things. I'm guessing someone intensively inspected them recently.
                Last edited by dungeon; 22 February 2017, 11:39 PM.



                • #18
                  My understanding was that DCCP is essentially a "better UDP" with optional congestion control and an ECN workalike feature. Like SCTP, something that should probably be enabled everywhere if it's to ever stand a chance of being usable in reality.



                  • #19
                    On every version of Debian I'm running, it was an optional loadable kernel module. So just:
                    echo "install dccp false" >> /etc/modprobe.d/disable-dccp.conf
                    and it won't be loaded.



                    • #20
                      I don't think it's enabled on Solus either. I mean: the command someone posted on page 1 of this thread can't find config.gz and locate can't find it either:

                      > zgrep DCCP /proc/config.gz
                      gzip: /proc/config.gz: No such file or directory
                      [11:19:11] vistaus@vistaus-solus /media/MicroSD/Apps (2)
                      > locate config.gz
                      [11:19:16] vistaus@vistaus-solus /media/MicroSD/Apps (1)
                      >

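Several posts above check CONFIG_IP_DCCP through /proc/config.gz, which the system in post #20 does not provide, and post #19 blocks the module with a modprobe.d line. The script below is an added example, not part of any post in the thread: it combines both checks and falls back to other config locations. The function names and the fallback path list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify DCCP exposure on a host.

# Print the first readable kernel config. Arguments are tried first, then
# locations that vary by distribution (assumed list, not exhaustive).
find_kernel_config() {
    for f in "$@" /proc/config.gz "/boot/config-$(uname -r)" \
             "/lib/modules/$(uname -r)/config"; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Print builtin, module, disabled, absent or unknown for CONFIG_IP_DCCP.
# gzip -cdf passes an uncompressed file through unchanged.
dccp_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    line=$(gzip -cdf "$1" 2>/dev/null | grep -E '^(# )?CONFIG_IP_DCCP[= ]' | head -n 1)
    case "$line" in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        "# CONFIG_IP_DCCP is not set") echo disabled ;;
        "") echo absent ;;
        *) echo unknown ;;
    esac
}

# Succeed if a *.conf file in directory $1 has an "install dccp ..." line,
# the modprobe.d override used in post #19.
dccp_install_overridden() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+dccp[[:space:]]' "$1"/*.conf
}

# Report for the running kernel; extra config paths may be passed in.
dccp_report() {
    cfg=$(find_kernel_config "$@") || { echo "no kernel config found"; return 1; }
    state=$(dccp_config_state "$cfg")
    echo "$cfg: CONFIG_IP_DCCP is $state"
    [ "$state" = module ] || return 0
    if grep -qs '^dccp ' /proc/modules; then echo "dccp module is loaded now"; fi
    if dccp_install_overridden /etc/modprobe.d; then
        echo "install override for dccp found in /etc/modprobe.d"
    else
        echo "no install override for dccp in /etc/modprobe.d"
    fi
}

dccp_report || true
```

"absent" means the config file was readable but has no CONFIG_IP_DCCP line at all, while "unknown" means the file could not be read.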
