Dodged A Bullet Today

“Eleven years ago or thereabouts, the Linux kernel got support for the Datagram Congestion Control Protocol – and also got a privilege escalation bug that has just been fixed.

Users are advised to update the software on their system as soon as the patch lands in their distro. You should also check to see if the buggy DCCP support is actually present in your kernel. If it’s not compiled in, or if you can remove it as a module, you will avoid the bug.”
 
See Linux kernel gets patch for 11-year-old local-root-hole security bug
As usual, bugs happen, even bad bugs. This one doesn’t bother me as my kernel configs contain:
“grep DCCP /boot/config-4.4.50
# CONFIG_NF_CT_PROTO_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_IP_DCCP is not set”
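As an added example that is not part of the post, the following POSIX shell script turns the advice quoted above (check whether DCCP is compiled in, built as a module, or absent, and remove it as a module if you can) into a repeatable check. It reads a kernel config file and a /proc/modules-style file, defaulting to the running kernel; the file paths and the mitigation wording are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the post: classify a kernel's DCCP exposure as
# compiled in, loadable module, or absent, and check whether the dccp
# module is currently loaded. Paths default to the running kernel but
# can be passed in, so the checks also run against any saved .config.

# Prints builtin | module | off | unknown for the given kernel config.
# Only CONFIG_IP_DCCP matters here: the NF_CT / XT_MATCH_DCCP options in
# the post are netfilter helpers, not the DCCP socket code that had the bug.
dccp_config_state() {
    cfg="$1"
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # "# CONFIG_IP_DCCP is not set" or no line at all both mean "off".
    case "$(grep -E '^CONFIG_IP_DCCP=' "$cfg" || true)" in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        *)                echo off ;;
    esac
}

# Succeeds if "dccp" is listed in a /proc/modules-style file.
dccp_module_loaded() {
    grep -q '^dccp ' "$1" 2>/dev/null
}

# Combines both checks into one of:
# builtin | module-loaded | module-unloaded | off | unknown
dccp_status() {
    state=$(dccp_config_state "$1")
    if [ "$state" = module ]; then
        if dccp_module_loaded "$2"; then echo module-loaded; else echo module-unloaded; fi
    else
        echo "$state"
    fi
}

# Stand-alone use: report on the running kernel and say what it means.
# An unprivileged socket() call can autoload the module, so an unloaded
# module is only safe once autoload is blocked via modprobe.d.
status=$(dccp_status "/boot/config-$(uname -r)" /proc/modules)
case "$status" in
    builtin)         echo "DCCP compiled in: exposed until the patched kernel is installed" ;;
    module-loaded)   echo "dccp module loaded: unload it and add 'install dccp /bin/false' to modprobe.d" ;;
    module-unloaded) echo "dccp module present but not loaded: add 'install dccp /bin/false' so autoload cannot pull it in" ;;
    off)             echo "DCCP not built: this bug does not apply" ;;
    *)               echo "could not read the kernel config; check CONFIG_IP_DCCP manually" ;;
esac
```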

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

This entry was posted in technology.

8 Responses to Dodged A Bullet Today

  1. oiaohm says:

    http://zerodayinitiative.com/Pwn2Own2017Rules.html
    Ivan, Firefox is back for 2017. Different browsers have been removed in different years due to known exploits or people not willing to put up the money.

    Please note that a long time back they removed the Linux desktop from the Pwn2Own competition because they had the other problem of it being too hard to break due to how much had been updated.

    They have put Ubuntu back in with Apache this year with the highest prize ever. Please note they are not doing all the hardening recommendations because that would make it too hard.

  2. oiaohm says:

    https://en.wikipedia.org/wiki/Datagram_Congestion_Control_Protocol
    DrLoser, there are only two implementations of DCCP: Linux and FreeBSD.

    https://www.anmolsarma.in/post/dccp
    It gets worse; read here and notice that the FreeBSD implementation is deprecated.
    “Your OP cite is simply a botch job of implementing a common Internet protocol (DCCP) in the Linux Kernel.”
    DrLoser, how do you get “common” when it's something that only the Linux kernel implements?

    “DCCP is not mainstream. It is not widely deployed or even supported. Documentation is sparse. Although Linux DCCP NAT is functional, many intermediate boxes will probably just drop DCCP traffic. DCCP is the fixed-gear bicycle of Layer 4, it is the ultimate hipster transport.”
    So here is DrLoser the idiot going off on a rant about something that is not fact. So DCCP in most networks just completely fails to function. Even Linux kernels with DCCP disabled will automatically drop DCCP traffic as bad packets.

    DCCP is so lightly supported that it is not included in any libc. Items like DCCP make you wonder if the Linux kernel should have an area in the kernel config for prototype protocols, so that stuff like DCCP, which has never taken off and mostly cannot work, is not built by mistake unless a special flag is set. Anyone who says DCCP is common is an under-researched idiot. Most distributions had DCCP off because it is basically not usable.

    “By “real,” btw, you can include Apple. And Blackberry/QNX. And in fact absolutely every other OS in existence … apart from GNU/Linux.”
    Not true; you are forgetting items many times. Blackberry/QNX has almost no market presence.

    “Real desktop (and mobile!) operating systems download these fixes without the need for human intervention.”
    So do Linux distributions like Debian if you turn the feature on. Windows users find all kinds of horrible ways of turning updates off with Windows 10, like telling Windows 10 that their home wifi is a paid-for service so it does not download updates. Linux distributions are not much different in this regard from anything else. The only difference is that Linux distributions are normally opt in, and with Windows and others you find creative ways to opt out.

  3. Ivan says:

    Firefox is sane? You realize they took it out of last year's Pwn2Own because it was too easy, right?

  4. DrLoser, what are you smoking? You wrote, “Your recent cite is an attack vector inherent in SMB, the protocol. Thus the epically large number of corporations and products affected.”

    The reason all these products are affected is that they use TOOS. It’s not the protocol that’s faulty, although it is a dangerous protocol. It’s the implementation by M$ that is faulty.
    “If the target is not using Internet Explorer, things get a bit trickier. My favorite way around this is to take a document from the organization’s web site, save it as HTML, add an image link to my SMB server, rename the .HTML as .DOC, and email it as a ‘typo correction’ or ‘sales inquiry’ to various staff. When the users open the .DOC file, Word realizes it’s HTML, and then renders it with Internet Explorer, triggering the outbound connection to the SMB server. If the organization allows VPN access, the stolen/cracked credentials can then be used to access the corporate network”

    See? Sane software like FireFox doesn’t fall for this nonsense, just M$’s crapware. TOOS is an OS designed to fail. That’s why I left it behind so long ago. At least with GNU/Linux vulnerabilities are mistakes not intentional.

  5. DrLoser says:

    I think there are a few long-lived security issues with Windows versions, though. Fonts seem to spring to mind. It’s actually interesting to me that you can’t think of a relevant one yourself, Robert, since you have an all-consuming interest in such things, and I really couldn’t care less.

    Long-standing Linux security issues are coming out of the woodwork on a fairly regular basis these days, though, aren’t they? And interestingly enough they almost all seem to consist of a botched implementation of an Open Standards protocol — SSH, IPv6, now DCCP. You’d think that this is the Bread and Butter of a FLOSS system, would you not? But no. Even with the odds stacked in its favour, Linux still manages Huge Lossage.

    Incidentally, if you think that more than 1% of the Linux Desktop base are going to want to doink around with your (well, obviously somebody else’s, but word of mouth is powerful these days) grotty little “kernel config” hacks, then think again.

    Real desktop (and mobile!) operating systems download these fixes without the need for human intervention. Let alone spinning up yet another point release of the kernel, with all the consequential in-house testing and deployment that is involved.

    By “real,” btw, you can include Apple. And Blackberry/QNX. And in fact absolutely every other OS in existence … apart from GNU/Linux.

  6. DrLoser says:

    “The updated attack vector, called Redirect to SMB, impacts products from Microsoft, Apple, Adobe, Symantec, Box, Oracle, and more.”

    Once again you fail on the rubric, Robert. It’s a wonder to me how you ever claimed to be a competent teacher. Although, in mitigation, you were a wholly unqualified one, so it’s not surprising that you don’t choose to follow the rubric.

    Your recent cite is an attack vector inherent in SMB, the protocol. Thus the epically large number of corporations and products affected.

    Your OP cite is simply a botch job of implementing a common Internet protocol (DCCP) in the Linux Kernel. There is no attack vector here that is inherent in the DCCP protocol. The attack vector is inherent in the Linux Kernel.

    I’m sure you can tell the difference.

    I’m equally sure that you won’t admit to it.

  7. Deaf Spy wrote, “I’d like to see if you can point out such a long-lived security hole in that other operating system.”

    The phrase, “all versions of TOOS”, comes to mind. How many of those have we seen over the years?

    e.g. “SPEAR, the research team at Cylance, has discovered new attack vectors for an 18-year-old vulnerability in Windows Server Message Block (SMB). The updated attack vector, called Redirect to SMB, impacts products from Microsoft, Apple, Adobe, Symantec, Box, Oracle, and more.”

    Yes, that was a goody… It might even set records for billion-PC-years of exposure.

  8. Deaf Spy says:

    11 years… Sweet. I’d like to see if you can point out such a long-lived security hole in that other operating system.
