RCE in Linux (inc Android) via UDP. CVSS 10.0. I'm a little confused as to why a bigger fuss isn't being made of this
https://nvd.nist.gov/vuln/detail/CVE-2016-10229
Is it that the vuln doesn't have a cool brand name and logo and website?
I was pleasantly surprised to find out that my Nexus phone was patched for this last week. Other Androids are probably going to be fucked
@liamo Fefe explains that very few (if any) applications use MSG_PEEK on UDP sockets – which would be required for this bug to be exploitable: http://blog.fefe.de/?ts=a6110f5c (German only, unfortunately)
@liamo Here’s an article on ZDNet, essentially saying the same: http://www.zdnet.com/article/real-linux-bug-false-security-concerns/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content&utm_content=58f17fd0b8a9fe0007b90891&utm_medium=trueAnthem&utm_source=twitter
@liamo Not my expertise, but from what I heard from experienced coders it has to do with the fact that MSG_PEEK is seldom used in general, and next to never with UDP. So it apparently would need a user-space app doing that to trigger the kernel RCE.
@liamo "Is it that the vuln doesn't have a cool brand name and logo and website?"
Probably.