RCE in Linux (inc Android) via UDP. CVSS 10.0. I'm a little confused as to why a bigger fuss isn't being made of this
Is it that the vuln doesn't have a cool brand name and logo and website?
I was pleasantly surprised to find out that my Nexus phone was patched for this last week. Other Androids are probably going to be fucked
@liamo "Is it that the vuln doesn't have a cool brand name and logo and website?"
@liamo Here’s an article on ZDNet, essentially saying the same: http://www.zdnet.com/article/real-linux-bug-false-security-concerns/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content&utm_content=58f17fd0b8a9fe0007b90891&utm_medium=trueAnthem&utm_source=twitter
@liamo Not my expertise, but from what I heard from experienced coders it has to do with the fact that MSG_PEEK is seldom used in general, and next to never with UDP. So it apparently would need a user-space app doing that to trigger the kernel RCE.