* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
— Simone Margaritelli (@evilsocket) September 23, 2024
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR
Unauthenticated RCE vs all GNU/Linux systems (plus others), disclosure due in 2 weeks
https://x.com/evilsocket/status/1838169889330135132
- 65
- 61
Jump in the discussion.
No email address required.
Are we thinking systemd?
Jump in the discussion.
No email address required.
Bet you 100 coins
Jump in the discussion.
No email address required.
More options
Context
Ugh if it does turn out to be systemd the anti-systemd tards are going to reach unimaginable levels of smug.
Jump in the discussion.
No email address required.
What terrifies me is if hackers were to find a RCE exploit and pwn 50 million servers. Imagine the backlash against peaceful systemd enjoyers?
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
It'll be worse than the exploit.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Im confused on the plus others designation. Is this referring to non gnu-linux like busy box and/or bsd? !linuxchads
Jump in the discussion.
No email address required.
More options
Context
thats a good point lmao, because all distros mentioned are strictly systemd. But all GNU/Linux should imply that it is not dependent on userspace configuration (other than like glibc and GNU stuff) so maybe its in the networking stack?
RUST IN THE LINUX KERNEL IS LONG OVERDUE
Jump in the discussion.
No email address required.
Gnu/linux implies it's userspace configuration, not kernel (that would be just linux). It's the term for what normal people call "linux" in reference to the family of operating systems, even if they have no gnu shit on them.
Jump in the discussion.
No email address required.
More options
Context
There was a recent RCE in Windows from bad IPv6 packets, maybe someone copied that vector for Linux?
Jump in the discussion.
No email address required.
It's not ipv6
Jump in the discussion.
No email address required.
Oh did he clarify down thread?
Jump in the discussion.
No email address required.
would be worse
Jump in the discussion.
No email address required.
Oh hm
Jump in the discussion.
No email address required.
More options
Context
So a full on 10 instead of 9.9? Maybe "9.9" doesn't mean as much as it seems.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
More options
Context
I am using Gentoo OpenRC and I haven't been able to update in a few months because I'm r-slurred, I was worried for a minute lmao
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context