Reading on this a little bit more, it looks like this bug would be extremely difficult to exploit. Basically, it only occurs when you allocate a socket, attempt to connect to a remote machine, and the attempted connection fails. If that happens, you get a use-after-free condition.

Given how frequently the described condition occurs, I have to question whether SecurityFocus was accurate in implicating kernels back to 2.0. I would suspect that this might be applicable only to 5.0 kernels, but I don't have any evidence to suggest either way. I'd also question whether it was accurate in describing this as a remote exploit, since this describes a connection FROM the affected machine, not TO it. You don't use connect() on incoming TCP connections; you use listen() and accept() for that.

However, it is also true that some well-known services use combinations like this. FTP, in particular, comes to mind, at least in active (default) mode. So potentially, an attacker might initiate an FTP connection to a vulnerable machine, then refuse attempted connections for FTP-DATA.

You see why I think this might not implicate earlier kernels? That happens all the time, if you're behind a firewall and don't have the passive FTP option turned on. And yet, that doesn't generally crash Linux machines.

On Mon, May 13, 2019 at 8:09 PM Tilghman Lesher <[email protected]> wrote:
>
> It is, indeed, bleeding edge, but the SecurityFocus article makes
> clear that this is a bug that goes back to even Linux 2.0 kernels. So
> you're vulnerable, period, at least until your upstream vendor
> publishes an updated kernel that corrects this race condition.
>
> On Mon, May 13, 2019 at 8:33 AM Howard White <[email protected]> wrote:
> >
> > Is this bleeding edge or am I missing something?
> >
> > <https://www.bleepingcomputer.com/news/security/linux-kernel-prior-to-508-vulnerable-to-remote-code-execution/?fbclid=IwAR23w_HjGBwSuKg19c24RhlePE_envkBZ71cpl8Xt-FCM3n5kfq9hmWMIUk>
> >
> > Howard
>
> --
> Tilghman

--
Tilghman
