DCCP code cockup lay unnoticed since 2005
23 Feb 2017 at 02:57, Richard Chirgwin Eleven years ago or thereabouts, the Linux kernel got support for the Datagram Congestion Control Protocol – and also got a privilege escalation bug that has just been fixed.Like basically every root hole, this flaw can be potentially exploited by software on a vulnerable device, or logged-in users, to gain root-level access and fully compromise the computer. It can be chained with remote-code execution vulnerabilities to take over a box from across the network or internet.
Kernel developer Andrey Konovalov announced the fix for the bug on the Open Source Security Mailing List, explaining the programming blunder probably dates to October 2005 when Linux first got Datagram Congestion Control Protocol (DCCP) support.
Full Article