A severe flaw (CVE-2016-10229) in the Linux kernel allows remote attackers to execute malicious code, read our article to learn more about the issue.
About The Linux Vulnerability (CVE-2016-10229)
Security researchers discovered a vulnerability in the Linux kernel which is the main component of the operating system. As a consequence every device that relies on it – from servers and critical infrastructure controllers to IoT gear. The issue is tracked by the CVE-2016-10229 advisory which reads the following:
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
What this means is that computer hackers can craft network packts that trigger a specific operation. Its execution can lead to dangerous manipulation. There are three primary reasons why this is rated as a critical issue:
Exploitation of the vulnerability relies on specific network packet crafting which is not easy to do by beginner hackers.
The arbitrary code is processed by the kernel and as such is run under root privileges.
The bug can lead to a local privilege escalation.
The issue was detected back in 2015 with a fix that was applied to the major distributions. This month Google released a stream of security updates that address the issue in all devices that are using the Android operating system. In addition several manufacturers including Samsung and LG also addressed the issue in patches released for their products.
The issue has not been identified in the Red Hat kernel according to developers from their team. This is due to the fact that they customize their kernel releases and employ additional security mechanisms. Other “hardened” distributions based on their code (such as CentOS) are also safe to use. All other Linux devices need to be updated.
The Linux Bug May Affect Your Devices (CVE-2016-10229)
The biggest danger is that there are a lot of consumer devices, including IoT products, which are not actively updated by the manufacturer and/or their customers. This is usual for devices like routers and smart home automation peripherals. The Debian team tracked an instance where a Freeradius server was attacked using this vulnerability. This is a commonly used package that allows networks to deploy authentication and is used by network administrators to control the clients on their internal networks. On various security communities and internet forums specialists note that it is very likely to find vulnerable devices in embedded products coming from East Asian manufacturers. The MSG_PEEK packet allows the programmers to read the kernel UDP buffer without actually consuming any data. Some of the associated software that supports this function include the following:
Nginx – An open-source web server that can also be used as a load balancer, HTTP Cache or a reverse proxy.
HAProxy – An open-source high availability load balancer and proxy server.
CURL – A library and command-line utility for transferring data over various protocols.
GnuTLS – Free implementation of the TLS, SSL and DTLS protocols.
jack2 – A professional sound server daemon.
Lynx – A text-based web browser.
Plex/Kodi/XBMC – Popular multimedia servers.
BusyBox – A small-sized shell.
To stay protected update your Linux installation to the latest available version and always apply issued security updates.