Salta al contenuto

Piero Bosio Social Web Site Personale Logo Fediverso

Social Forum federato con il resto del mondo. Non contano le istanze, contano le persone
  • jadi@mastodon.bsd.cafeundefined

    I spent the last couple of days examining the source code and understanding the Copy

    Mondo copyfail linux video
    1
    0 Votazioni
    1 Post
    0 Visualizzazioni
    jadi@mastodon.bsd.cafeundefined
    I spent the last couple of days examining the source code and understanding the Copy.Fail vulnerability in detail. This vulnerability happens on the shoulders of 4 key components:- Page cache- AF_ALG- algif_aead- splice()In this video, I talk about these components and demonstrate how the CVE-2026-31431 vulnerability allows attackers to gain root access by modifying the “su” entry in the page cache.https://youtu.be/OftLQ1uPh4M#copyfail #linux #video
  • jwildeboer@social.wildeboer.netundefined

    Ah, the #copyfail clickbait posts are coming.

    Mondo copyfail
    23
    1
    0 Votazioni
    23 Post
    0 Visualizzazioni
    jwildeboer@social.wildeboer.netundefined
    @blindcoder Yes, it needs local user access. But that could also be tunnelled through an exploitable Wordpress install or other PHP etc stuff. SELinux might already help in that case, but my general rule would be: If the machine is exposed to the internet, deploy the mitigation. For machines that are not open to the internet, like homelabs etc it is an acceptable risk to wait for the updated kernel packages.
  • the_moep@mastodon.deundefined

    They: "On a scale from 1 to 10: How lazy are you?"

    Mondo copyfail linux cybersecurity
    1
    0 Votazioni
    1 Post
    0 Visualizzazioni
    the_moep@mastodon.deundefined
    They: "On a scale from 1 to 10: How lazy are you?"Me: Using the copy fail exploit instead of sudo to avoid having to type my password#copyfail #linux #cybersecurity
@pierobosio@soc.bosio.info