The #CopyFail exploit is still being talked about, and already another local privilege escalation bug has been found, named #DirtyFrag.

Unlike CopyFail, there is no patch yet. It affects the latest distros, including the most current rolling-release distros.

#Linux #lpe #exploit #itsecurity #itsicherheit #hacker
https://youtu.be/Q6gdCTNI4mo?is=bidERObAC6Id64xD

New Linux Exploit Just Dropped (Before the Fix)

@jwildeboer Good distinction to be aware of. Just to clarify, both can apply:

#RCE must not be privileged. It gives *any* kind of remote capability to run code. Could e.g. be with the highly restricted privileges of the web server process.

An #LPE vulnerability like #CopyFail or #DirtyFrag could however be chained with such an RCE vulnerability to get full root access to the target.

#LPE — Local Privilege Escalation. A class of vulnerabilities that need a local user account on the target machine to reach higher levels of privilege, up to superuser/root

#RCE — Remote Code Execution. A class of vulnerabilities that can be exploited over unprivileged network connections, giving the attacker privileged access to the target machine.

#CopyFail, #DirtyFrag are LPEs that affect Linux systems. LPEs are typically harder to exploit than RCEs.

Hope this helps to avoid Clickbait.

Dirty Frag: another way to get root on Linux

Remember Dirty Pipe? Did you recently patch Copy Fail? Seatbelts fastened? No? That's not good, because a few hours ago a new vulnerability appeared, dubbed Dirty Frag. The box below contains a temporary workaround intended to disable the dangerous modules. This is an LPE (local privilege escalation) class flaw that allows privilege escalation...

#Aktualności #EskalacjaUprawnień #Kernel #Linux #LocalRoot #Lpe #Pipe

https://sekurak.pl/dirty-frag-kolejna-metoda-na-roota-pod-linuxem/

Dirty Frag: Universal Linux LPE

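Dirty Frag is a new local privilege escalation (LPE) vulnerability that can obtain root privileges on major Linux distributions; it chains the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. It belongs to the same bug family as Dirty Pipe and Copy Fail, and shows a high success rate because it has no timing dependency. There is currently no public patch or CVE, and disabling the vulnerable modules is recommended as a temporary mitigation. It has been tested on a range of major distributions, and public PoC code is also provided.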

https://github.com/V4bel/dirtyfrag

#linux #security #lpe #kernel #exploit

So, daily! I guess daily is the new pace at which I need to mitigate zero day kernel flaws. Got it. #linux #kernel #lpe #dirtyfrag #copyfail

Copyfail2

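Copy Fail 2: Electric Boogaloo is an unprivileged local privilege escalation (LPE) exploit that uses the xfrm ESP-in-UDP MSG_SPLICE_PAGES vulnerability in the Linux kernel. The vulnerability overwrites readable files through the page cache and performs privilege escalation by adding a user account with root privileges to /etc/passwd. The Ubuntu 22.04 LTS 5.15 kernel is not vulnerable; the issue occurs on kernels 6.5 and later. The vulnerability is in the same class as CVE-2026-31431, and the related patch has already been merged into the Linux kernel networking development repository. The exploit code is public and can be used as a reference for security checks and response.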

https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

#linux #kernel #security #lpe #exploit

After #CopyFail now we have #DirtyFrag:
Hyunwoo Kim has announced the Dirty Frag security flaw, a local-privilege-escalation (LPE) vulnerability similar to the recently disclosed Copy Fail flaw
https://lwn.net/Articles/1071719/
#security #linux #LPE
Dirty Frag: a zero-day universal Linux LPE

A new day, a new exploit. A security researcher has published a PoC for Dirty Frag, which like Copy Fail allows attackers with local access to gain root. Like Copy Fail, no patch is available at disclosure but mitigations exist. Mitigation has a side effect that IPSec would fail though.

This flaw affects all kernel versions including the latest Linux 7.0.4.

This disclosure was originally scheduled for next month, so no CVE either. It was disclosed early because the embargo was broken.

github.com/V4bel/dirtyfrag

#Linux #DirtyFrag #infosec #cybersecurity #LPE #root