Linux kernel LPE ("fragnesia", CopyFail 3.0)

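Disclosed in May 2026, 'Fragnesia' is a new local privilege escalation (LPE) vulnerability found in the Linux kernel's XFRM ESP-in-TCP subsystem. It uses a page cache write bug similar to Dirty Pipe to arbitrarily modify the kernel page cache of read-only files, and it works without a race condition. An attacker can use it to tamper with the in-memory contents of the /usr/bin/su binary and obtain a root shell. A patch has been submitted to the netdev mailing list, but it has not yet been included in the mainline kernel or the stable releases. PoC code is also public, so security updates are urgent.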

https://lwn.net/ml/all/8733zvfucm.fsf%40gentoo.org/

#linux #kernel #security #lpe #dirtypipe

[oss-security] Linux kernel LPE ("fragnesia", copyfail 3.0) [LWN.net]

How do cache-corruption-based #PrivilegeEscalation #Linux vulnerabilities work? (#CopyFail, #DirtyFrag, #DirtyPipe)

https://youtu.be/1rbvUpTI_OY

CopyFail, DirtyFrag and DirtyPipe: anatomy of a cache corruption BUG.

YouTube

And with Dirty Frag, the LPEs on Linux merrily continue.

#DirtyPipe #DirtyFrag #CopyFail #Linux

GitHub - V4bel/dirtyfrag

Contribute to V4bel/dirtyfrag development by creating an account on GitHub.

GitHub

#RevueDePressive

Today's Linux flaw: #DirtyFrag
https://github.com/V4bel/dirtyfrag
Major flaw (following #DirtyPipe and #CopyFail)!

Unfortunately, because the embargo was broken, there are no patches available yet!!!

The best option is to remove the affected modules:
sh -c "printf 'install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
' > /etc/modprobe.d/dirtyfrag.con…

#Linux #Faille #CyberSécurité

https://lesliensde.jeey.net/shaare/Sj8t0A


Happy Monday everyone!

We are going to start this week off with a nice resource in our #readoftheday! If you have yet to hear about Wazuh, now is your chance! It is a free, open-source security platform that protects data assets from threats [2]. In this article, the researchers cover what abusing Living-off-the-Land binaries (LOLBINs) looks like from the perspective of an Ubuntu and Kali Linux endpoint and focus on the #DirtyPipe exploit and the DDexec utility. After walking readers through the emulation they then discuss how Wazuh helps detect these techniques. It is a good read and a resource I want to get into my own lab to start playing with!

As always, check out the full article and others by Wazuh researchers on their blog and stay tuned for the threat hunting tip of the day! Enjoy and Happy Hunting!

Detecting Living Off the Land attacks with Wazuh
https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/

Other reference:
https://github.com/wazuh/wazuh [2]

Intel 471 #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #Intel471

Detecting Living Off the Land attacks with Wazuh | Wazuh

In this blog post, we explore a Living Off the Land (LOTL) attack that uses legitimate tools, such as cURL and the DDexec utility.

Wazuh

JH7110_VisionFive2_devel: vulnerable to CVE-2022-0847 aka DirtyPipe exploit · Issue #93 · starfive-tech/linux

Hi, A serious flaw still exists and can affect thousands of VF2's deployed so far. Dirtypipe is easily exploitable, allows to overwrite any file in filesystem not normally writable (permissions che...

GitHub

Dirty Pipe: CVE-2022-0847 - I have just completed this room! Check it out: https://tryhackme.com/room/dirtypipe #tryhackme #dirty pipe #CVE-2022-0847 #Linux #Kernel #Privesc #Walkthrough #Tutorial #Beginner #MuirlandOracle #dirty #pipe #dirtypipe via @RealTryHackMe

Dirty Pipe: CVE-2022-0847

Interactive lab for exploiting Dirty Pipe (CVE-2022-0847) in the Linux Kernel

TryHackMe

Very cool writeup about the dirty pipe vulnerability (cve-2022-0847) by Valentin Obst and Martin Clauß

https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/

#Linux #kernel #infosec #cybersec #dirtypipe #cve

Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)

Intro This blog post reflects our exploration of the Dirty Pipe Vulnerability in the Linux kernel. The bug was discovered by Max Kellermann and described here. If you haven’t read the original publication yet, we’d suggest that you read it first (maybe also twice ;)). While Kellermann’s post is a great resource that contains all the relevant information to understand the bug, it assumes some familiarity with the Linux kernel. To fully understand what’s going on we’d like to shed some light on specific kernel internals.

lolcads tech blog

8-year-old vulnerability found in the Linux kernel

An 8-year-old vulnerability has been found in the Linux kernel, named after the old dirty pipe vulnerability: DirtyCred

Tarnkappe.info