Unauthenticated RCE vs all GNU/Linux systems (plus others), disclosure due in 2 weeks

https://x.com/evilsocket/status/1838169889330135132

https://i.rdrama.net/images/17271135760988767.webp https://i.rdrama.net/images/17271135759020903.webp

https://i.rdrama.net/images/172711357626477.webp


>9.9 RCE

:marseypoggers: !codecels get the frick in here


NOOOO LINUX CANT BE EXPLOITED NOOO SECURITY THROUGH OBSCURITY NOOO


NOOOO THAT DOESNT COUNT WINDOWS IS CLOSED SOURCE THERE COULD BE 8 GORILLION BACKDOORS IN THERE NOOOO


Anybody who uses Linux on desktop should have a pretty good idea what passes for security most of the time.


Bro you keep mass coping about desktop vs laptop lmfao


No, I mean desktop as in desktop Linux, not Android.


Laptops are known to be less secure, idiot


Sure okay :marseyj#erkofffrown:


I use Linux for everything and I can attest that Linux security is terrible. They gave up on kernel hardening a long time ago and there is effectively no sandboxing at all in userspace.

Pretty much all security is terrible everywhere, but Linux may be one of the worst because "just don't compile and install malware lmao" has been "effective enough" security for a while.

So it's a matter of whether you can obscure malware in source code rather than binaries. But the good thing is that static analysis of source code is far better than static analysis of binaries (antivirus is pretty useless, it just uses binary heuristics).

We need some sort of Rust-like language/static analysis tool that works together with userland sandboxing that is really easy to use (more like BSD jails, less like AppArmor).


>They gave up on kernel hardening a long time ago and there is effectively no sandboxing at all in userspace

Yet another r-slur who has no idea what he's talking about. :marseysmug2:


LMFAKOOOOOOOOOOO


Wasn't the XZ Utils backdoor a 9.9 too? linbros... :marseypenguingenocide:


My Minecraft server is running Ubuntu 18.04 LTS in my router's DMZ, should I be concerned?


Yes. It's been infected by Ubuntu


Truly a fate worse than Windows


Use Debian, incel


There is like one critical RCE in Linux a year. That it didn't get a perfect 10 means it's in something that is not always installed, but 9.9 means it usually is, so it's not another Samba.
