from Hacker News

Udp.c in Linux kernel pre-4.5 allows remote attackers to execute arbitrary code

by OrangeTux on 4/13/17, 10:46 AM with 65 comments

  • by cyann on 4/13/17, 11:52 AM

  • by danielparks on 4/13/17, 11:57 AM

    Looks like this was patched a while ago in both RedHat and Debian distros.

    https://access.redhat.com/security/cve/cve-2016-10229

    https://security-tracker.debian.org/tracker/CVE-2016-10229

  • by krosaen on 4/13/17, 2:47 PM

    Always funny to see how banal bug fix commits are in comparison with the severity of the bug itself

    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

  • by antirez on 4/13/17, 12:13 PM

    This is probably less severe than it sounds like because of the MSG_PEEK option needed in recvfrom(), which is rarely used.

  • by abetusk on 4/13/17, 2:51 PM

    I really wish these announcements would come with a short check to see if you're affected and some example code to test if you're vulnerable.

    Does anyone know of a simple check to see if your server is affected?

  • by BiohaZd on 4/13/17, 3:03 PM

    Ubuntu 14 LTS Current kernel is 3.13.0-116-generic and issue was fixed in released (3.13.0-79.123)- so NOT AFFECTED

    Ubuntu 12 LTS Current kernel is 3.2.0-118-generic and fixed in released (3.2.0-99.139) - so NOT AFFECTED

  • by bipson on 4/13/17, 11:23 AM

    It seems [1] recent kernels are not affected by this. So if you are running older (hopefully lts kernels), you might need to verify them, otherwise you should be fine (check back with your distro obviously).

    [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

  • by ramshanker on 4/13/17, 12:01 PM

    The wording makes it sound like Hertbleed/Cloudbleed level vulnerability.

    I mean impact wise, all those routers and cameras got another attack vector?

  • by kasabali on 4/14/17, 12:20 AM

    This vulnerability has already been disclosed and fixed in mainline, upstream longterm releases and major distribution kernels last year, I don't understand why it made the news today, am I missing something, is it slow news day or is it fear mongering?

    I flagged the thread because it is harmful (or time waster at best). From the comments I can see people are worried and unknowingly wasting their time checking their kernels to see if they are affected from a vulnerability that has already been fixed more than a year ago. Damn, I wasted half an hour of my time to see what really the situation is about.

  • by Meegul on 4/13/17, 2:57 PM

    Does anyone have an explanation for how this exploit works?

  • by dom0 on 4/13/17, 11:28 AM

    Why is this bubbling up again?

  • by BiohaZd on 4/13/17, 2:50 PM

    this is soo confusing...