Dirty Frag: Universal Linux LPE - CVE similar to Copy Fail (www.openwall.com)
from eager_eagle@lemmy.world to selfhosted@lemmy.world on 08 May 13:02
https://lemmy.world/post/46584568

cross-posted from: lemmy.world/post/46584454

Local Privilege Escalation “Dirty Frag” made public

#selfhosted


irmadlad@lemmy.world on 08 May 16:38

RFC: As I understand it, this exploit requires local access and cannot be deployed remotely. Is this a correct analysis?

ShortN0te@lemmy.ml on 08 May 19:53

It requires access. Not restricted to be local.

Mondez@lemdro.id on 08 May 22:04

It’s a LOCAL privilege escalation vulnerability. You need sufficient access to be able to execute arbitrary code locally on the machine. You would need a remote code execution vulnerability in an exposed service (VPN, web server, game server and so on) before an attacker could chain to this to get remote root on your system.

eager_eagle@lemmy.world on 08 May 22:40

Right, but remote code execution comes in many different ways. Having a machine vulnerable to this kind of privilege escalation is a really bad thing.

irmadlad@lemmy.world on 08 May 23:32

Certainly. I don’t discount that any exploit is ‘really bad’. I like my OS of choice to be as free of exploits as it can possibly be. However, some of the material I was reading involved areas of Linux that I have little if any knowledge of value with, so I thought I’d ask the question.

Decronym@lemmy.decronym.xyz on 08 May 23:40

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| IP | Internet Protocol |
| IoT | Internet of Things for device controllers |
| NAS | Network-Attached Storage |
| NVR | Network Video Recorder (generally for CCTV) |
| PoE | Power over Ethernet |
| SSD | Solid State Drive mass storage |
| SSH | Secure Shell for remote terminal access |
| Unifi | Ubiquiti WiFi hardware brand |
| VPN | Virtual Private Network |

[Thread #279 for this comm, first seen 8th May 2026, 23:40]