Eleven-year-old root flaw found and patched in the Linux kernel2017-02-23 16:26 by Daniela
The Linux team has patched a security flaw in the Linux kernel that can be exploited to gain root-level code execution rights from a low-privileged process.
The bug is in the Linux kernel's implementation of Datagram Congestion Control Protocol, or DCCP, and could let a local user gain root privileges and, in conjunction with other flaws, allow an attacker to execute arbitrary code in the kernel.
The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.
Users are advised to update the software on their system as soon as the patch lands in their distribution.
Read more -here-