Another Linux vulnerability
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
TLDR: allows users to read files readable only by root (such as the host SSH key, ...).
Workaround is to set /proc/sys/kernel/yama/ptrace_scope to at least 2 or 3.
bit more complicated, https://www.openwall.com/lists/oss-security/2026/05/15/3
Have fun

Comments
Fuck
Fuck
Fuck
Fuck
Who's the guy that loves FreeBSD? We need him to post here yet again.
We have more and more ways to change a forgotten root password...
@FrankCastle https://lowendtalk.com/discussion/197572/let-bsd-thread/p1
@raindog308 https://lowendbox.com/blog/lets-try-bsd-part-1-of-7-introduction-freebsd-openbsd-netbsd-dragonflybsd/
Actually, I'm not a huge FreeBSD guy. Respect it and enjoy it, but life is short and I can't fall in love with every OS.
I do love OpenBSD, though, niche as it is.
@jsg is more of a FreeBSD guy.
And we'll have to apt update and upgrade to the latest kernel again?
The end is nigh.
... and reboot. That's the easy part.
The hard part is not to get your SSH host key/... leaked until there is something to update (or until your kernel build finishes).
I'd say the ptrace_scope-2/3-mitigation is a good start, as it definitely prevents the PoC (I get EPERM/Operation not permitted on pidfd_getfd(2)).
Might still be vulnerable via better-written exploits, but at least it prevents every script kiddie from just running the PoC.
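A way to audit the ptrace_scope workaround mentioned above, as an added example that is not part of any post in this thread: it reads the Yama setting, reports whether it is at the level the thread names (2 or 3), and prints a sysctl drop-in to persist it. The function names, the `YAMA_FILE` override and the drop-in file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the Yama ptrace_scope workaround discussed in the thread.
# YAMA_FILE can be overridden for testing (assumption of this example).
YAMA_FILE="${YAMA_FILE:-/proc/sys/kernel/yama/ptrace_scope}"

# classify_scope VALUE
# Prints what the value means; returns 0 only if it meets the workaround (>= 2).
classify_scope() {
    case "$1" in
        0) echo "0 (classic): any process may attach to others of the same UID"
           return 1 ;;
        1) echo "1 (restricted): attach limited to descendants or declared tracers"
           return 1 ;;
        2) echo "2 (admin-only): attach requires CAP_SYS_PTRACE"
           return 0 ;;
        3) echo "3 (no attach): ptrace attach disabled, cannot be lowered until reboot"
           return 0 ;;
        *) echo "unrecognised ptrace_scope value: $1"
           return 2 ;;
    esac
}

# check_host
# Returns 3 when the Yama LSM is not present, so the workaround is unavailable.
check_host() {
    if [ ! -r "$YAMA_FILE" ]; then
        echo "no $YAMA_FILE: Yama LSM not enabled, workaround cannot be applied"
        return 3
    fi
    classify_scope "$(cat "$YAMA_FILE")"
}

# sysctl_dropin [VALUE]
# Prints a drop-in that persists the setting across reboots (default 2).
# Install as root, e.g. into /etc/sysctl.d/99-ptrace-scope.conf (name is
# a placeholder), then load it with: sysctl --system
sysctl_dropin() {
    printf '# Persist the Yama ptrace restriction\n'
    printf 'kernel.yama.ptrace_scope = %s\n' "${1:-2}"
}

# Report the current state; suggest the runtime change if it falls short.
check_host || echo "=> as root: sysctl -w kernel.yama.ptrace_scope=2"
```

Setting 2 also stops unprivileged users from attaching gdb or strace to their own running processes, and 3 cannot be reverted without a reboot.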
Untested patch I tried to make using Opus. Do not deploy unless you're ready to rebuild/reinstall.
harden-pidfd.sh
https://pastebin.com/raw/6AmXWPpX
harden-pidfd-wenyan.sh
https://pastebin.com/raw/3xD8jdkq
I see, it's Friday again
That would only happen if you're running a shared environment or your box has already been compromised, and if your box has already been compromised then you have much bigger problems than this new LPE.
Shared environments are my main concern. The few Webspaces I have, I have to consider compromised. Even without persistent compromise of the provider, an attacker still could've read my keys (DB password), so I need to rotate them (and I'd rather play X4...)
My second concern is VMs, because being root gives you access to kernel-mode and thus a much greater attack surface on the hypervisor than just being in user-mode.
My two classes of vulnerabilities are DoS (don't care, nothing I run is that important to never be down), and privilege elevation (includes e.g. remote code execution, it's just a privilege an attacker doesn't have and gains. Basically a system is supposed to do one thing, and if someone can do anything else with it, it's bad). Of course, an RCE in the Linux networking stack would be much worse than this, I just treat both as "fuck".
I'll fill in for now cos I love it. What we need is panel support for FreeBSD again, cPanel and DA both ditched it. Who's laughing now? Not us on Linux and cPanel this past couple of weeks, that's for sure.
Linux is becoming the new Windows OS... As it gets more popular and has a larger user base, the attacks, malware, viruses and hacks will grow!
20,000 Linux users grabbed a malicious Cemu build that steals passwords for coding and cloud credentials
https://www.xda-developers.com/20000-linux-users-grabbed-malicious-cemu-build-steals-passwords-coding-cloud-credentials/
Are you saying that you'd rather be oblivious to vulnerabilities and consider them nonexistent? Or would you rather be Microsoft, closed source, no way to audit code, no way to know any vulnerability until it has been abused in the wild a thousand times?
Vulnerabilities being found is a good thing. It means that despite being open source, more and more complex vulnerabilities are being patched.
The second biggest reason (or even the biggest for some) for not open-sourcing software is to hide code from malicious actors/security researchers, thus making it hard to exploit their system.
I don't think this is a good way to deal with vulnerabilities. The more openly audited something is, the better, more secure and more reliable it will be in the long run.
think machines already decided we are useless
FreeBSD also had a serious RCE bug a few weeks ago:
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc
But I totally agree that cPanel and DirectAdmin should support this system again.
bunch of fucking fanboys
It seems it's the AI who found this weak point.
But the vendors don't ask AI for solutions asap?
It's Friday, it's expected
Just wondering how much these recent discoveries and patches affect government agencies that rely on stockpiles of undisclosed vulnerabilities.
Expect more xz-style backdoors; they'll have to plant their own...
https://x.com/v12sec/status/2055282721212252178?s=20
blyat
No details, but that one sounds real bad for everyone.