You can now find Cyber Kendra on Google News | Telegram

Critical Code Execution bug on Linux Silently Fixed - Root Level

Another critical security bug on Linux kernel has been patched, which allows attackers to remotely control on the servers, PC's, IOT devices, Android and many more.

A high severity security bug dubbed as CVE-2016-10229 exposes machines and gizmos to attacks via UDP network traffic.

Any software receiving data using the system call recv() with the MSG_PEEK flag set on a vulnerable kernel opens up the box to potential hijacking. The hacker would have to craft packets to trigger a second checksum operation on the incoming information, which can lead to the execution of malicious code within the kernel, effectively as root.

There is a good news that, there is no evidence of exploitation of the bug in wild. But Programs from the Nginx web server and wget to the Mirai botnet code and various others set the MSG_PEEK flag on some connections, leaving the underlying machine open to attack if the kernel is vulnerable.

The issue was discovered by Google’s Eric Dumazet, and quietly dealt with at the end of 2015 with a small fix applied to the open-source kernel. Linux distros, such as Ubuntu and Debian, were distributing fixed builds of the kernel by February this year.

Eric had already applied a short fixed on open source Linux kernel. But Google had released the patch this year for Android. Vendor like Samsung, LG had also issued a patch for it's devices​.

This remote kernel-level code execution vulnerability in Linux, which sounds like the worst of the very worst, but it is pretty much patched by now. 😀

Now just update your kernel to get it fixed from this worst situation.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.