Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-like vulnerability had its embargo broken

sanitation@lemmy.radio · 8 hours ago

Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-like vulnerability had its embargo broken

Azzu@lemmy.dbzer0.com · 2 hours ago

“No patches available” might’ve been true at time of writing (and might still be true for old kernels, idk), but kernel 7.0.4, released yesterday, is already fixed.

bookmeat@fedinsfw.app · 2 hours ago

It bothers me that the test for this vulnerability is a link to some random repo online with arbitrary code and no one is batting an eye.

iopq@lemmy.world · edit-2 8 hours ago

That article doesn’t tell me much. Any writeup with the affected code?

Edit: found it

https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

Nighed@feddit.uk · 7 hours ago

What is the exploit case? It says it’s IPsec stuff?

Is it therefore remotely exploitable, or does it need a local user?

Are routers at risk?

grainfed@quokk.au · 5 hours ago

“any local user can instantly get root (administrator) access on an affected box, just by running a small program” quote from the short article. So it seems home computers are safe.

Nighed@feddit.uk · 2 hours ago

I thought that was refering to copyfail?

sanitation@lemmy.radio · 5 hours ago

It’s gotta be local.

cholesterol@lemmy.world · 7 hours ago

Also local, right?

FreedomAdvocate · 7 hours ago

And yesterday people were making fun of Microsoft for logged in users being able to see their browser passwords 🤣

BradleyUffner@lemmy.world · 4 hours ago

The thing Microsoft says is by design and won’t fix? Let’s see if you can spot the difference.

bulwark@lemmy.world · edit-2 8 hours ago

Why does Microsoft keep funding all these Linux exploits?

dotCody@lemmy.world · 1 hour ago

Ok then.

pastermil@sh.itjust.works · 7 hours ago

Where does it say in the article?

Even if it’s true, wouldn’t it be a good thing, since it probably wouldn’t be found otherwise?

bulwark@lemmy.world · 7 hours ago

Short answer, nothing. Long answer, Mcafee, Norton, Kaspersky, etc. all have divisions devoted to creating viruses to keep the rest of the company profitable. Microslop has been increasingly desperate recently as they hemorrhage users. They have always been a deeply dishonest company dating back to the 90’s and IP theft over GUI. I suspect they might be behind the recent push to scare the public of “the dangers” of open source and think of the kids I.D. checks.

fartsparkles@lemmy.world · 5 hours ago

To everyone who isn’t wrapping themselves in aluminum, these companies don’t have teams writing viruses. This has been regurgitated around since the 90s and it’s hilariously false.

fistac0rpse@fedia.io · 7 hours ago

“divisions devoted to creating viruses”

any source on this?

saltesc@lemmy.world · 7 hours ago

The hunch on my back

jimmy90@lemmy.world · 6 hours ago

see now when the jews invented capitalism with the catholics and were supressing mans natural instinct for communal living

ummm ummm

you know it all started there

we just need to go back to hegel and marx and that and lenin too

ok bye

FreedomAdvocate · 7 hours ago

Ah yes, Microsoft is so desperate as they hemorrhage users…….

mlatu@moist.catsweat.com · 6 hours ago

ah yes, because stocks == users, thank you for the clarification

AnyOldName3@lemmy.world · 4 hours ago

The stock price can mean they don’t care about hemorrhaging users. Windows is far from the main thing Microsoft makes money from.

ThyTTY@lemmy.world · 8 hours ago

Because they want to discourage users and governments from switching to Linux