Linux Today: Linux News On Internet Time.







How Badlock Was Discovered and Fixed

Apr 18, 2016, 10:00

Severity analysis of vulnerabilities by experts from the information security industry is rarely based on real code review. In the ‘Badlock’ case, most read our CVE descriptions and built up a score representing the risk each CVE poses to a user. There is nothing wrong with this approach if it is done correctly. CVEs are analyzed in isolation, as if no other issue exists. In the case of ‘Badlock’ there were eight CVEs. The difference is the fact that one of them was in a foundational component used by most of the code affected by the remaining seven CVEs. That very specific CVE was marked CVE-2015-5370.
