Tuesday, March 21, 2017

Eleven-Year-Old Root Flaw Found And Patched In The Linux Kernel

How did something like this go unnoticed for more than eleven years?

Linux system administrators should watch for kernel updates, which fix a local privilege escalation flaw that could lead to a full system compromise. The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005, when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.