New Linux glibc flaw lets attackers get root on major distros \ stacker news ~security

New Linux glibc flaw lets attackers get root on major distros www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/

731 sats \ 11 comments \ @ch0k1 1 Feb security

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

view all related items

20 sats \ 1 reply \ @harrr 1 Feb

You should always assume that anybody with a shell access or physical access can become root and act accordingly.

0 sats \ 0 replies \ @ch0k1 OP 1 Feb

Unfortunately, you're right 👍

3 sats \ 5 replies \ @zarko 1 Feb

what are the chances that hackers are using AI to analyze the code to find vulnerabilities ?

100 sats \ 1 reply \ @niftynei 1 Feb

just found a guy on X who’s doing exactly this (except seems white hat??)

0 sats \ 0 replies \ @ek 1 Feb

Some people might have multiple hats on :)

24 sats \ 0 replies \ @ek 1 Feb

That's already a thing, a friend of mine works at a company which sells a product like this (automated internal pentesting).

They use machine learning to detect common vulnerable code, network configurations etc.

It's similar to what this company does: https://xmcyber.com/platform/

0 sats \ 1 reply \ @ch0k1 OP 1 Feb

Nowadays, AI will be the primary tool for making hackers' life easier

0 sats \ 0 replies \ @DiedOnTitan 2 Feb

Conversely, AI will be the primary tool to make networks more resilient. I guess I am drinking from the glass half full.

267 sats \ 0 replies \ @emmanuelrosa 1 Feb

NixOS developers have patched glibc. The commits are in the "staging-next" branch, so the fix is not widely available, but it's being fast-tracked.

glibc updates cause mass rebuilds (since almost everything depends on glibc), so I bet the Hydra build servers are very busy at the moment.

Targeting master and unstable branches: https://github.com/NixOS/nixpkgs/pull/285050
Targeting NixOS 23.11 release: https://github.com/NixOS/nixpkgs/pull/285329

Notice that the patch was not backported any further than 23.11, which is the latest stable release.

0 sats \ 0 replies \ @godlikeXi 4 Feb

Physical acces is pwnage. LUKS/Bitlocker/FileVault your shit.

0 sats \ 0 replies \ @_b_o_n_e_s_ 1 Feb

yikes