:: Re: [DNG] Critical CVE?
Author: Jeremy Phelps
Date:
To: the pterodactyl
Cc: dng
Subject: Re: [DNG] Critical CVE?
This guy who claims to have insider knowledge makes it sound like a problem
in the kernel network stack:

https://slashdot.org/comments.pl?sid=23466721&cid=64817845

On Thu, Sep 26, 2024, 04:26 the pterodactyl <iam@???> wrote:

> From Slashdot.org:
>
> ------------
>
> Critical Unauthenticated RCE Flaw Impacts All GNU/Linux Systems
>
> Posted by BeauHD on 2024-09-25 20:00 from the not-a-good-look dept.
>
> "Looks like there's a storm brewing, and it's not good news," writes
> ancient Slashdot reader jd. "Whether or not the bugs are classically
> security defects or not, this is extremely bad PR for the Linux and Open
> Source community. It's not clear from the article whether this affects
> other Open Source projects, such as FreeBSD." From a report:
>
> A critical unauthenticated Remote Code Execution (RCE) vulnerability has
> been discovered, impacting all GNU/Linux systems. As per agreements with
> developers, the flaw, which has existed for over a decade, will be fully
> disclosed in less than two weeks. Despite the severity of the issue, no
> Common Vulnerabilities and Exposures (CVE) identifiers have been assigned
> yet, although experts suggest there should be at least three to six.
> Leading Linux distributors such as Canonical and RedHat have confirmed the
> flaw's severity, rating it 9.9 out of 10. This indicates the potential for
> catastrophic damage if exploited. However, despite this acknowledgment, no
> working fix is still available. Developers remain embroiled in debates over
> whether some aspects of the vulnerability impact security.
>
> ----------
>
> Howdy Devuaners,
>
> Can someone "in the know" please tell us what this is about and whether we
> all should start a re-install move en masse? I saw an anonymous post (that I
> *hate* to mention, lest a rumour spread and besmirch a fine, respected,
> and venerable program) that it is CUPS, and that seems reasonable, given
> that CUPS has been part of GNU/Linux for so long. But I have disabled the two
> (2) services jic. Sayagain: Only an unsubstantiated rumour in a time of
> crisis. Discretion pls.
>
> Just between you, me, and the dear lord, I really, really hope the
> vulnerability is in systemd. That would tickle me pink. (grin)
>
> Thanking you for all your kind work,
>
> --
> Q:      Why do mountain climbers rope themselves together?
> A:      To prevent the sensible ones from going home.