Linux: fix for an 11-year-old bug in the kernel
Developer Andrey Konovalov has released a fix for an old, very old indeed, bug that has been present in the Linux kernel for 11 years. The security hole is in the kernel's support for the Datagram Congestion Control Protocol (DCCP), introduced in 2005.
The bug can be exploited by malicious software on the most vulnerable devices, including to gain root permissions once a user is logged into their account. Once an attacker has gained access to a machine, they could exploit this vulnerability to compromise the system. The programming error itself lies in how the DCCP code handles a socket buffer (skb).
How does the bug in the Linux kernel work?
According to the announcement Konovalov made on the mailing list, an skb for a DCCP_PKT_REQUEST packet is forcibly freed via __kfree_skb in dccp_rcv_state_process if dccp_v6_conn_request returns successfully. An attacker can then control what the object would be and even overwrite its content with arbitrary data. If the object has any function pointer that can be triggered, the attacker can execute arbitrary code in the kernel. Konovalov says that the attacker would achieve this by using one of the kernel heap spraying techniques.
At its root, the bug is that the skb address and its reference counter are saved, so the buffer is still in use when it is freed, which makes it exploitable as a use-after-free. The fix was released to the Linux community in order to reduce the instances where DCCP is enabled by default.
Updating your system as soon as your distribution receives the patch is strongly recommended. In the meantime, you can remove the buggy DCCP support from your kernel to avoid its impact on the security of your system.
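
One way to check the interim mitigation described above, as an added shell example that is not from the article or from Konovalov's announcement. It assumes DCCP is built as the loadable modules `dccp`, `dccp_ipv4` and `dccp_ipv6`, and that loading is disabled with `install <module> /bin/false` lines in a modprobe.d directory; neither detail is stated on the page.

```shell
#!/bin/sh
# Added example (not from the article): audit a host for exposure to the DCCP
# kernel code. File locations are arguments so the logic can be tested offline.
# Limitation: DCCP compiled into the kernel (not a module) is not detected here.

DCCP_MODULES="dccp dccp_ipv4 dccp_ipv6"   # assumed module names

# dccp_loaded FILE
# Succeeds if any DCCP module is listed in a /proc/modules-style FILE.
dccp_loaded() {
    for m in $DCCP_MODULES; do
        grep -q "^$m " "$1" 2>/dev/null && return 0
    done
    return 1
}

# dccp_blocked MODULE DIR...
# Succeeds if a *.conf file in one of the modprobe.d DIRs replaces loading of
# MODULE with /bin/false or /bin/true. A plain "blacklist" line is not counted:
# it does not stop an explicit "modprobe MODULE".
dccp_blocked() {
    # modprobe treats "_" and "-" in module names as equivalent
    mod=$(printf '%s' "$1" | sed 's/_/[_-]/g')
    shift
    for d in "$@"; do
        cat "$d"/*.conf 2>/dev/null || :
    done | grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|\$)"
}

# dccp_status PROC_MODULES DIR...
# Prints LOADED, LOADABLE:<module> (first module that can still be loaded),
# or BLOCKED when every DCCP module has an install override.
dccp_status() {
    procfile=$1
    shift
    if dccp_loaded "$procfile"; then
        echo "LOADED"
        return 0
    fi
    for m in $DCCP_MODULES; do
        dccp_blocked "$m" "$@" || { echo "LOADABLE:$m"; return 0; }
    done
    echo "BLOCKED"
}
```

On a live system, call `dccp_status /proc/modules /etc/modprobe.d /usr/lib/modprobe.d /run/modprobe.d`; a `LOADED` result means the module stays in memory until it is unloaded or the host is rebooted.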