needs more detailed info on exact which kernels are vulnerable. Apparently it was fixed in 4.4.21, but sec researches are too lazy for that
-
-
That's what I found when looking, seemed to be fixed in kernel backport a while ago. May exist in older systems or kernels?
1 reply 0 retweets 0 likes -
Think Android...
1 reply 0 retweets 1 like -
Yes, it provides trivial root of virtually any Android device you can run an app on.
3 replies 1 retweet 4 likes -
Replying to @RichFelker @dotMudge and
As a user (with a rooted device) you can mitigate it via iptables DROP of udp except localhost:53 and running local dns proxy, I think.
2 replies 0 retweets 1 like -
Replying to @RichFelker @dotMudge and
Maybe there's also a way to make iptables check the cksum b4 the pkt reaches the affected layer? IMO it's an idiotic bug that Linux doesn't.
1 reply 0 retweets 1 like -
Replying to @RichFelker @dotMudge and
ZOMG speed! I need 100 Gbit/sec of UDP packets! Let's defer checksum! - said nobody, ever.
1 reply 0 retweets 1 like -
Replying to @RichFelker @dotMudge and
hey now, why are you trying to apply logic to Linux?
1 reply 0 retweets 1 like -
Not so much logic as harsh criticism of idiotic tradeoffs.
1 reply 0 retweets 1 like -
Replying to @RichFelker @mfukar and
There used to be a bug around this same deferral whereby poll/select returned readable, then recv blocked because checksum failed.
1 reply 0 retweets 0 likes
For years, maybe a decade, it was @ewontfix'd.
-
-
Replying to @RichFelker
All of Linux networking is a mess. From API to implementation. I wouldn't be surprised if more bugs like that and CVE-2016-10229 exist.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.