>* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
>* Full disclosure happening in less than 2 weeks (as agreed with devs).
>* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
>* Still no working fix.
>* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
>* Devs are still arguing about whether or not some of the issues have a security impact.
https://x.com/evilsocket/status/1838169889330135132
Not a shitpost, unauthenticated RCE affecting all Linux distros announced today and will be made public soon
>>102523339 what does unauthenticated mean in this context, that it hasn't been reproduced?
>>102523392 As in, an attacker does not need to be logged in to the system
>>102523339 Oh god, I'm getting Rust vibes incoming.
>>102523339 >No information about what it actually is cool story bro
network stack exploit or what?
>>102523339Oh no, another NSA backdoor about to be nailed shut.
>2 weeks
>>102523512 https://www.evilsocket.net/ https://github.com/evilsocket probably
>>102523339 >Discovered 3 weeks ago >Full disclosure in less than 2 weeks >No working fix >Checks pretty much all the boxes of extreme vuln Something doesn't add up here, frens
>>102523476 Accurate.
>>102523582 >Legba
>>102523628He lives on the cuckslope, correct.
>Kernel vuln>RCE>LHL CIA impactWhoever scored this is a 9.9 on the retard scale.
>>102523339 >twitter link at least archive that shit, not everyone has an x account
Can any cyber security fags give a QRD on what this means? Is it a backdoor?
>>102524444 https://nitter.poast.org/evilsocket/status/1838169889330135132 literally only because you got quads
>>102524444 just create a burner with disposable email
>>102524461Ask the faggot vendors who are sitting on this
>>102523582 based
>>102524487 thanks, added to url rewriter. >inb4 it's a vulnerability in token ring, infiniband or some other niche networking stack that wouldn't be directly open to the Internet anyway
>>102523339with troons you get voolns
>>102523339 > Devs are still arguing about whether or not some of the issues have a security impact. nothingburger incoming
bets on whether Asterinas will be affected?
>>102523582 It's in the name. Rust eats holes through iron.
>>102524869 >Asterinas
If it was real he would have already sold it for a million bucks on zerodium
Is it too soon to say >2 more weeks?
>>102524948 >Full disclosure happening in less than 2 weeks (as agreed with devs). >>102524905 only windows has a $1m rce on there actually
>>102523582 Omg please let it be... LOL... I will get so much entertainment from Linux systems being absolute security messes due to Rust. I have been arguing vehemently for a very long time that "safe!" Rust is one of the most insecure and dangerous languages to ever exist.
>>102525027There's no way you're this retarded.
>>102523339 Surely this isn't some nobody exaggerating for clout right guys
>>102525088 I hate people that don't know how to dialogue, then start shouting things like otherwise they wouldn't listen (like they are forced to)
>>102524759 now that i read it a bit more carefully, he mentions GNU/Linux systems are affected (plus others, linked vendors in second image include Apple and FreeBSD) and not the kernel itself. Also "Attack Vector: Network" can mean anything on the network stack. So it's most likely some userspace daemon for some niche application layer TCP/IP based protocol, similar to blastRADIUS for example
>>102524495 I can't. It required me to solve 50 captchas in a row (literally, with 1/50 progress status). I did that and it said I failed one without telling me which one and asked me to do all of it again. Humiliation ritual.
>>102525123 I love nothingburgers, shows to people how only dumb stuff needs to be hyped. If it were something real it would happen suddenly like the crowdstrike issue. It's also funny how every non-linux issue is blamed on the linux kernel out of jealousy, reminds me of that systemd efi fiasco that hardbricked computers which was also blamed on the kernel
>>102525184>systemd efi fiasco that hardbricked computersI don't remember the kernel being blamed. I do remember systemd was blamed by retards.
>>102523339 Just 2 more weeks
>>102525088All securityfags are like this. Anything to get their name and twitter handle in the press so they can leverage it into a corporate sinecure.
>>102523339 Let us know when there are actual details.
I'm betting some random userspace program opens every port on UPnP by default, and somehow it's Linux's fault for allowing programs to open ports. Remember when the NT Kernel had an IPv6 RCE that couldn't be blocked by a firewall? Funny how quickly the news stopped reporting it. Screenshot this: in 2 months after the (likely nothingburger) issue has already been long solved there will still be a thread on page 1.
>>102525330 >IPv6 RCE that couldn't be blocked by a firewall literally only one guy here thought that and he kept spamming it despite all the evidence against it
>>102525088Basically /this - OP is probably the twittertard and has posted here (among a few other places) to try to get traction for >>102525249>>102525244Too slow bro >>102524948
>>102525330 >there will still be a thread on page 1 All threads are on page 1 at least once.
>>102523628You called nigga?
Hi Simone!
>>102525352 >"Considering its harm, I will not disclose more details in the short term," the security researcher tweeted, adding that blocking IPv6 on the local Windows firewall won't block exploits because the vulnerability is triggered prior to it being processed by the firewall. https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/
>>102523476 >>102523582 >>102525027 Literally his first comment after is that it's been present for more than a decade >>102525355 I only posted this here because Ulf Frisk https://github.com/ufrisk (dude who actually knows his shit) reposted it
>>102525088 Wow just like all sufficiently complicated software
>>102525088the issue is apparently affecting multiple OSes, yet his bitching about supposed endless mess of security holes mentioning exclusively in a Linux system "is going to be the writeup opening statement"? What a fucking retard.>>102525330>I'm betting some random userspace program open every port on UPnP by default, and somehow it's Linux's fault for allowing programs to open ports. true, default credentials on userspace programs get CVEs too (see qBittorrent)
>>102523339 For fuck's sake, I just installed Linux on a new computer. I'm not sure if the proprietary shitware I need can be run on FreeBSD.
>>102525415 >FreeBSD see >>102523365
>>102525415 >FreeBSD anon... look at >>102523365 >Unauthenticated RCE vs all GNU/Linux systems (plus others) >(plus others)
>>102525440 >>102525442 FUUUUUUUCK! D:<
>>102525415 Airgapped OpenBSD time saaar
>>102525389 No proofs though. Two more weeks
>Availability (A) = Low (L) Meaning? They give all kinds of shit a 10/10 even if the only way it can hit you is if you let code run on your machine, so let's wait before reacting
>>102525478 OpenBSD is nice but I don't want to go back to integrated graphics.
>>102525123 Yeah, the fact that this affects BSD as well as Linux is… suspicious, to say the least. It can’t be incredibly low-level if it affects all of them, right? Or is it part of Unix itself?
>>102525389 Collecting the names of "security experts" from twitter and github doesn't give this any more credence. Nice shout out tho Simone!
>>102523339>Not a shitpost>twitter nobody with no proofkill yourself, thanks.
>>102523339 nobody will make an account on your shitty website, fuck off already
>>102524487 >verifying your browser bullshit
>>102525123>(((nothing ever happens)))eat pork, faggot
Thank god I don't use the network
>>102525330 Who the fuck is dumb enough to leave UPnP enabled on their router?
>>102523339 GKH just did a talk explaining how the Linux Kernel Security Team works >no disclosure >no CVE assigned until it's patched
>>102523339 >plus others why are you like this
>>102523339 >tweet 404s >no other source >no real information This is complete bullshit isn't it
>>102526626 Maybe. It's not actionable anyhow.
>>102526571>LGBT+>Linux>GNU>BSD>Trannies>plus others
>>102523365 Another W for Windows
>>102526820 ahaha, windows and winning? hahaha
He limited the tweet publicity sus https://archive.is/wwoQZ
>>102524487>evilsocket. . . protected account.First twitter goes full retard on anonymous browsingNow this asshat locks down their account.Fuck all y'all.
>>102523339 no doubt it's nothing again
>>102523476 good thing he never saw the source of windows or macos
>>102527151jidf is about to have their backdoor exposed so they are going all out on the harassment
>>102523339
>>102525389Trannies are revolting desu
>>102525063Transsexuals are disgusting freaks. I like to leap on even the slightest glimmer of suggestion of total tranny destruction... Any tranny failure is entertaining, except suicide is too far.