Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


BDFL - Memuneh
61024 posts

Uber Geek
+1 received by user: 11853

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 239837 7-Aug-2018 10:17
Send private message quote this post

I wonder how CVE-2018-5390 Linux kernel versions 4.9+ vulnerability would affect Linux-based consumer-grade routers in the wild... Not sure how many (if any) models are running affected version - but if any then I would be afraid.

 

@michaelmurfy do you know?





Create new topic
2910 posts

Uber Geek
+1 received by user: 1099

Subscriber

  Reply # 2069183 7-Aug-2018 10:22
Send private message quote this post

The above vulnerability is a denial of service. So it at least isn't something that could allow a worm to appear.







BDFL - Memuneh
61024 posts

Uber Geek
+1 received by user: 11853

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2069201 7-Aug-2018 10:52
Send private message quote this post

Correct, but would annoy a lot of people.

 

My current router is not affected as it is running kernel 3.4...





Meow
7624 posts

Uber Geek
+1 received by user: 3708

Moderator
Trusted
Lifetime subscriber

  Reply # 2069234 7-Aug-2018 12:13
Send private message quote this post

Very few routers (if any) will be using this and all routers planning to use this in the future will likely be using a patched version of the kernel. It is quite a new kernel.

 

My PC is running 4.9.0-7 and my Edgerouter is running 3.10.107-UBNT. The Alpha firmware I think does have 4.9 in testing but as this is an alpha it should be updated before the final build.

 

I don't think many others really run a later version of the Linux kernel - many appliances run FreeBSD / NetBSD or have older kernel versions.





67 posts

Master Geek
+1 received by user: 8


  Reply # 2069472 7-Aug-2018 18:42
Send private message quote this post

Attack surfuce is pretty small. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. How often a consumer-grade router has a service running on it and exposed to the Internet? Forwarded traffic won't cause DoS.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces new NUC kits and NUC mini PCs
Posted 16-Aug-2018 11:03


The Warehouse leaps into the AI future with Google
Posted 15-Aug-2018 17:56


Targus set sights on enterprise and consumer growth in New Zealand
Posted 13-Aug-2018 13:47


Huawei to distribute nova 3i in New Zealand
Posted 9-Aug-2018 16:23


Home robot Vector to be available in New Zealand stores
Posted 9-Aug-2018 14:47


Panasonic announces new 2018 OLED TV line up
Posted 7-Aug-2018 16:38


Kordia completes first live 4K TV broadcast
Posted 1-Aug-2018 13:00


Schools get safer and smarter internet with Managed Network Upgrade
Posted 30-Jul-2018 20:01


DNC wants a safer .nz in the coming year
Posted 26-Jul-2018 16:08


Auldhouse becomes an AWS Authorised Training Delivery Partner in New Zealand
Posted 26-Jul-2018 15:55


Rakuten Kobo launches Kobo Clara HD entry level reader
Posted 26-Jul-2018 15:44


Kiwi team reaches semi-finals at the Microsoft Imagine Cup
Posted 26-Jul-2018 15:38


KidsCan App to Help Kiwi Children in Need
Posted 26-Jul-2018 15:32


FUJIFILM announces new high-performance lenses
Posted 24-Jul-2018 14:57


New FUJIFILM XF10 introduces square mode for Instagram sharing
Posted 24-Jul-2018 14:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.