@sodiboo @ifin @threatintel

Also, notable mention. Unexpected thread: https://github.com/lenucksi/aur-malware-check/issues/5

Are there any plans for a bit more central validation, maybe even with some AI/LLM/... with regular conversion of insights to fixed/deterministic rules as discussed throughout the thread? Something something semgrep/opengrep, yara, flathub manifest style etc. pp.?

Also: How does this incident not yet have a creative name? I'm not asking for a #bumsrakete but there's gotta be something 🤣

#llm #flathub #abuseprevention #malwareCheck #yara #opengrep #archLinux #archlinuxaur #aur

AURSCAN: Scanning AUR packages using Claude LLM · Issue #5 · lenucksi/aur-malware-check

Please have a look at https://github.com/manticore-projects/aurscan and maybe add.

BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME.

https://bumsrake.de/

#bumsrakete #InfoSec #FreeBSD #cve202645257

https://bumsrake.de/

> The CVSS people, very sad people, sometimes the worst people, capped severity at 10.0. We had to invent a new scale because this bug demanded it. Tremendous demand. 13/10. Nobody knew kernel bugs could be this big. Many such cases.

#FreeBSD #Bumsrakete

BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME.

BUMSRAKETE is a HUGE, TREMENDOUS, MANY-PEOPLE-ARE-SAYING FreeBSD kTLS-RX page-cache write primitive. The BEST primitive. Some say the best ever.

Nobody would have thought that a 0-day exploit would one day be named after you. Right, Bumsrakete? #hack #bsd #freebsd #bumsrakete

«Kernel bug — FreeBSD exploit "Bumsrakete" grants root access:
An exploit called Bumsrakete endangers all FreeBSD versions of the last five years. The discoverers take it with plenty of humor»

Which is probably why some servers were/are briefly offline. Security-relevant updates have to be installed immediately, because the few minutes that this restricts users are harmless compared to the bug.

😈 https://bumsrake.de
📰 https://www.golem.de/news/kernel-bug-freebsd-exploit-bumsrakete-verleiht-root-zugriff-2606-209694.html

#freebsd #bug #kernelbug #bumsrakete

Bumsrakete Exploit.
And Comic Sans Cruelty

https://bumsrake.de

#freebsd #exploit #bumsrakete

Now that's what I call a bug report… or a bug website… or, oh, I have no idea 😂 #freebsd #bumsrakete

https://bumsrake.de/

"BUMSRAKETE™

The HUGEST, the MOST TREMENDOUS FreeBSD page-cache write primitive in the history of computing."

#bumsrakete #cve #unix

https://bumsrake.de/

Nice, #Bumsrakete works on a #FreeBSD 15.0 system.

TL;DR page cache #vuln in the #kernel, exploitable within seconds, privesc from normal user to #root

17/10 can recommend ⭐🌟

https://bumsrake.de/

Bumsrakete being delivered to the corporate infosec world

#bumsrakete #infosec