
Re: [LUG] Recommended Kernel Updates

It's very hard to say what is crucial without knowing what the device is and does, but gaping (CVSS > 9) security holes in the Linux kernel look to be being found at least weekly currently.

 https://www.cvedetails.com/vulnerability-list.php?vendor_id=33&product_id=47&version_id=&page=2&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=9&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=119&sha=553a8a4aa254acc78556395def82806fc2f45cc0

Many of these are privilege escalations; you should just assume anyone who can run code of their choosing, or can get shell access, can get root. That is a more realistic view of the world, since you are fighting privilege escalation flaws in the kernel AND correct file permissions (Kuang analysis for defenders seems to be a dying art).

But there have recently been UDP packets leading to RCE, and the Broadcom WiFi firmware issue (yes, the same thing iPhones had).

Of course, if you don't allow arbitrary UDP (even port 53?) and don't have the affected Broadcom chipset....

In practice exploitation of such flaws is limited, and exploits usually need to be specific to the architecture, and other conditions need to be met.

However, it does feel like security because attackers can't be bothered.

Worms like WannaCry are coming to Linux, but to have similar impact they have to affect Android, or other widespread Linux devices (home routers?), or use multiple vulnerabilities and architectures.

I tend to keep kernels current but only reboot where there is a specific issue of note with the kernel. The things that matter are heavily firewalled and allow only very specific types of traffic (e.g. VPN).
-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
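The "keep kernels current but only reboot when it matters" policy above has one practical prerequisite: knowing which hosts are still running an older kernel than the one the package manager has installed. The script below is an added example, not code from the post or from the list; it compares `uname -r` against the vmlinuz-* images in /boot (a Debian/Ubuntu/Fedora layout, assumed here; set BOOT_DIR for other distros) and reports whether a reboot is pending. It uses GNU/busybox `sort -V` for version ordering, so that 5.10.0-9 correctly sorts before 5.10.0-23.

```shell
#!/bin/sh
# Added example: report whether the running kernel is behind the newest kernel
# installed on disk. Not part of the original post. Assumes kernel images are
# named /boot/vmlinuz-<version> with <version> matching `uname -r`.

BOOT_DIR="${BOOT_DIR:-/boot}"

# newest_version: read version strings on stdin (one per line) and print the
# highest one. sort -V (GNU coreutils / busybox) compares digit runs numerically,
# so 5.10.0-23-amd64 sorts after 5.10.0-9-amd64.
newest_version() {
    sort -V | tail -n 1
}

# is_older A B: succeed (exit 0) if version A sorts strictly before version B.
is_older() {
    [ "$1" != "$2" ] && \
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# installed_kernels: print the version suffix of every vmlinuz-* image in BOOT_DIR.
installed_kernels() {
    for img in "$BOOT_DIR"/vmlinuz-*; do
        [ -e "$img" ] || continue
        printf '%s\n' "${img##*/vmlinuz-}"
    done
}

# reboot_advice RUNNING NEWEST: print a one-line verdict; exit 0 when a reboot
# would pick up a newer kernel, 1 when the running kernel is already the newest.
reboot_advice() {
    if is_older "$1" "$2"; then
        echo "reboot-pending: running $1, newest installed $2"
        return 0
    fi
    echo "up-to-date: running $1"
    return 1
}

main() {
    running="$(uname -r)"
    newest="$(installed_kernels | newest_version)"
    [ -n "$newest" ] || { echo "no kernel images found in $BOOT_DIR" >&2; return 2; }
    reboot_advice "$running" "$newest"
}

# Run the check only when invoked as `sh kernel-check.sh --check`, so the
# functions above can also be sourced into another script.
if [ "${1:-}" = "--check" ]; then
    main
fi
```

Two caveats a practitioner would want. First, a pending reboot only tells you the running kernel is behind; whether the gap contains an issue of note for that host (a local privilege escalation on a box where nobody untrusted has a shell, say) is still the judgement call the post describes. Second, on Debian and Ubuntu a security point release within the same kernel ABI keeps the same `uname -r`, so this version comparison alone will report "up-to-date" after such an update; compare the build string that `file /boot/vmlinuz-$(uname -r)` prints against /proc/version to catch that case.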