Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
You should always assume that anybody with shell access or physical access can become root and act accordingly.
Unfortunately, you're right 👍
What are the chances that hackers are using AI to analyze the code to find vulnerabilities?
just found a guy on X who’s doing exactly this (except seems white hat??)
Some people might have multiple hats on :)
That's already a thing, a friend of mine works at a company which sells a product like this (automated internal pentesting).
They use machine learning to detect common vulnerable code, network configurations etc.
It's similar to what this company does: https://xmcyber.com/platform/
Nowadays, AI will be the primary tool for making hackers' life easier
Conversely, AI will be the primary tool to make networks more resilient. I guess I am drinking from the glass half full.
NixOS developers have patched glibc. The commits are in the "staging-next" branch, so the fix is not widely available, but it's being fast-tracked.
glibc updates cause mass rebuilds (since almost everything depends on glibc), so I bet the Hydra build servers are very busy at the moment.
Notice that the patch was not backported any further than 23.11, which is the latest stable release.
Physical access is pwnage. LUKS/Bitlocker/FileVault your shit.
yikes