Dangerous remote Linux kernel bug (CVE-2016-10229) discovered

14 April 2017

Eric Dumazet of Google found a very dangerous remote code execution bug in the Linux kernel. It is located in the recv syscall when it is called with the MSG_PEEK flag set. Attackers can remotely execute code on the target.

I used a Google dork to find vulnerable software:

 MSG_PEEK filetype:c

And found some possible targets:

  • asterisk (chan_unistim.c, ooh323c-addon)
  • pulseaudio
  • systemd
  • dnsmasq
  • netcat
  • busybox
  • nginx
  • The Mirai botnet
  • The adore-ng kernel rootkit

I did not dig deeper into the source code, but this bug seems to have a reasonable impact.

Update: According to Eric Dumazet's Google+ site, this bug seems to affect only a few releases.
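
To inventory your own source tree for the call pattern named above (a receive call with MSG_PEEK in its flags), the following Python script is an added example, not part of the original post. The function names and the C sample are constructed for illustration; it parses call arguments instead of matching text, so mentions in comments or strings are not counted.

```python
import re

# Position of the flags argument in each receive call (POSIX signatures).
FLAGS_ARG = {"recv": 3, "recvfrom": 3, "recvmsg": 2}
CALL_RE = re.compile(r"\b(recv|recvfrom|recvmsg)\s*\(")
# Comments and string/char literals: blanked so they cannot cause false hits.
NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def _split_args(text, start):
    """Split the argument list that begins just after '(' at top-level commas."""
    args, depth, cur = [], 0, []
    for ch in text[start:]:
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:
                args.append("".join(cur))
                return args
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
    return None  # unbalanced parentheses: not a complete call

def find_peek_calls(source):
    """Return (line, function) for each receive call whose flags include MSG_PEEK."""
    # Replace noise with spaces but keep newlines, so line numbers stay correct.
    clean = NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)
    hits = []
    for m in CALL_RE.finditer(clean):
        args = _split_args(clean, m.end())
        idx = FLAGS_ARG[m.group(1)]
        if args and len(args) > idx and re.search(r"\bMSG_PEEK\b", args[idx]):
            hits.append((clean.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

# Constructed sample C source (not taken from any of the projects listed above).
SAMPLE = '''\
/* recv(fd, buf, n, MSG_PEEK) in a comment is ignored */
static int probe(int fd, char *buf, size_t n) {
    if (recv(fd, buf, n, 0) < 0) return -1;
    return recvfrom(fd, buf, min(n, 64),
                    MSG_PEEK | MSG_DONTWAIT, NULL, NULL);
}
ssize_t peek_hdr(int fd, struct msghdr *m) { return recvmsg(fd, m, MSG_PEEK); }
'''
```

A hit only shows that the program uses the flag; whether the bug applies depends on the kernel release the program runs on. Flags passed through a variable are not resolved by this check.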

