Oddbean new post about | logout
 ~EVERY Linux distribution has a major local root privilege escalation vulnerability. Exploitable. How fun. "exploitation works against almost all of the SUID-root programs that are installed by default" https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

https://files.mastodon.social/media_attachments/files/111/177/233/364/508/045/original/7828d5d8cc6498d5.png 
 @974a6e71 Good news is the patch is available and on its way: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa

Already in Debian Sid.