Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.

The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.

The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.

To read this article in full or to leave a comment, please click here

Read more: Eleven-year-old root flaw found and patched in the Linux kernel

Story added 23. February 2017, content source with full text you can find at link above.