New/old threat you need to be aware of.

kc1di

Well-Known Member
Joined
May 14, 2021
Messages
2,194
Reaction score
2,111
Credits
15,993
There was another security alert yesterday. See here for details. But this could be a very bad one and I may be looking to find a distro without Systemd after all.
Just be careful and be informed.
 


Update Mint sent out a patch for this yesterday. Not sure if Ubuntu patched it yet. But keep your systems up to date.
 
An attacker can exploit a vulnerability in Polkit’s pkexec component, tracked as CVE-2021-4034, that affects all major Linux distributions to gain full root privileges on the system. The good news is that this issue is not remotely exploitable, but if an attacker can log in as any unprivileged user, it can allow to gain root privileges.

 
got my update at 8-04 gmt this morning
 
Updated on Debian Sid.
 
Threads merged.
 
There was another security alert yesterday. See here for details. But this could be a very bad one and I may be looking to find a distro without Systemd after all.
Just be careful and be informed.
Just think of vulnerabilities we still dont know about. In the security industry they call these "zero day vulnerabilities".
For as long as humans write code there will always be bugs and vulnerabilities. The threat will always be ongoing, in general linux users are much safer than windows or mac users but the threat to security still remains
 
in general linux users are much safer than windows or mac users but the threat to security still remains
LOL a privilege escalation vulnerability doesn't make any os safer than the other, just be thankfull it isn't a remote executable one.
 
Last edited:
Just think of vulnerabilities we still dont know about.

Fortunately, most Linux vulnerabilities require a great deal of effort to exploit them. Like, this one requires you access a user account - be it local or remote. If you can remotely access with a regular user account you could use this vulnerability, but these things already require access to the machine.

For the most part, Linux exploits require user action to be dangerous.

As I say with some regularity, "Malware exists for Linux. Just don't install it."
 

Members online


Top