Sign in / up

back to article Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14.  Running the exploit as a normal user on a vulnerable machine will grant you root access to the box, allowing you to do …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    If you are *already* in such a sad state ...

    Running the exploit as a normal user on a vulnerable machine ...

    Yes, that can happen. -> ie: normal user, vulnerable machine.

    ... can be used by rogue insiders or malware already on a computer ...

    Now, that can/should not ever happen. -> ie: rogue insider, malware

    If you are already in such a sad state, a vulnerable machine is the least of your problems.

    .

    10 27 Reply
    1. MatthewSt Silver badge
      Reply Icon
      Mushroom

      Re: If you are *already* in such a sad state ...

      I'm hoping I'm misreading your comment, because based on those arguments we may as well grant all users root access and do away with passwords

      29 2 Reply
    2. Bebu
      Reply Icon
      Windows

      Re: If you are *already* in such a sad state ...

      《If you are already in such a sad state, a vulnerable machine is the least of your problems.》

      True only if all your systems, networking and security policies, implementation, monitoring and enforcement are in that state of grace that has apparently eluded the rest of us.

      This vulnerability if nothing else demonstrates the unlikeliness of such a perfect state in the actual world.

      I would take it as axiomatic that any system, anywhere is vulnerable to subversion as a consequence of any number of unknown defects in just about any component either by itself or in combination.

      Most defects will never be discovered before the last system is turned off. I am sure Multix had such flaws but no one is ever going to bother looking now.

      12 1 Reply
    3. ChoHag Silver badge
      Reply Icon
      Trollface

      Re: If you are *already* in such a sad state ...

      <TheReg> Local privilege exploit! Get patching!

      <Coward> Useless. You should not have malicious local users.

      <TheReg> Remote shell exploit! Get patching!

      https://www.theregister.com/2024/03/29/malicious_backdoor_xz/

      23 1 Reply
      1. steelpillow Silver badge
        Reply Icon
        Holmes

        Re: If you are *already* in such a sad state ...

        That is not how I read it. The AC is pointing out that if your box is already compromised, then it is already game over. Don't waste effort shutting the stable door after the horse has bolted, go after the feckin' horse!

        12 1 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: If you are *already* in such a sad state ...

          ... AC is pointing out that if your box is already compromised ...

          Thank you for that.

          That said, I cannot but wonder why so many of my fellow tards did not get it.

          Maybe because it was friday?

          Have a Happy [whatever you do at this time of the year].

          .

          5 8 Reply
          1. steelpillow Silver badge
            Reply Icon
            Joke

            Re: If you are *already* in such a sad state ...

            Many of us are autistic-spectrum geeks who regard the English language as strongly typed and cannot grok loosely-typed turns of phrase - i.e. 99.9% of all written English and 105% of all spoken English. I only get by because I parse the semantics for intended sanity using fuzzy logic, rather than parsing the grammar and syntax using binary logic.

            17 1 Reply
        2. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: If you are *already* in such a sad state ...

          But if you have more than one horse. You should shut the stable door. Then go after the missing horse.

          4 0 Reply
          1. jake Silver badge
            Reply Icon

            Re: If you are *already* in such a sad state ...

            Horses are usually[0] housed in individual stalls, each of which has it's own door. If all your horses can exit via a single door, your barn/stable security is badly b0rken.

            [0] there are still barns out there that use tie-stalls (look it up), but they are few and far between.

            0 0 Reply
          2. nijam Silver badge
            Reply Icon

            Re: If you are *already* in such a sad state ...

            > But if you have more than one horse.

            Horses are herd animals, thay've all run away togther.

            1 0 Reply
            1. MyffyW Silver badge
              Reply Icon

              Re: If you are *already* in such a sad state ...

              I seem to have somebody else's horse in my bathroom - what should I do?

              0 0 Reply
              1. jake Silver badge
                Reply Icon

                Re: If you are *already* in such a sad state ...

                Not sure if you are bragging, in need of a decorator, or looking for an exterminator ... regardless, I'd recommend asking somebody else, it's obviously their problem.

                There is a woman in Petaluma who breeds miniature horses. She thinks it's "fun" to bring them into the house. I suppose it might be ... if you think it's "fun" cleaning carpets and trying to get horse urine out of hardwood floors. Not recommended.

                1 0 Reply
    4. Version 1.0 Silver badge
      Reply Icon
      Go

      Re: If you are *already* in such a sad state ...

      If you are already in such a sad state, a vulnerable machine is the least of your problems. ...

      A lot of down votes, but at least you didn't say: "Systems Hacked Inside Technology !"

      2 0 Reply
    5. Michael Wojcik Silver badge
      Reply Icon

      Re: If you are *already* in such a sad state ...

      Defense in depth.

      The idea that vulnerability to LPE means there's no point in improving security is a great example of how people in this industry continue to fundamentally misunderstand security.

      4 0 Reply
    6. Grogan Silver badge
      Reply Icon

      Re: If you are *already* in such a sad state ...

      While it can't be used to dismiss the problem, I agree with you. Those people should not be users in the first place.

      I wouldn't trust my own mother with a shell account on my mail server, for example.

      Vulnerable software though, that's something the operator needs to be attentive to. Bloody Hell, a decade ago I got owned through exim (a mail transfer agent, like sendmail but supposedly simpler and safer lol) just after a few days of not knowing about it and not upgrading it (I was on an older software load and had to compile things like that to upgrade them). Fortunately I'm fairly attentive and noticed the fuckery immediately. A system process in the list spelled wrong (mimicking). The exploit actually got root! It was able to drop jobs in root's cron. I was VERY lucky that whatever gang didn't come to reap their rewards yet. It cost me an all nighter of poring over the scripts, following paths, deleting files, hunting and poking. I dropped in a new kernel, forced reinstalls of some system packages (all of that just in case, I don't think anything was actually compromised yet), upgraded all internet facing daemons etc. and had no more problems. That gave me the bloody creeps forever. I get a new server now when the software load is EOL.

      1 0 Reply
  2. kneedragon

    Bleeping Computer

    I notice that all the major sources are reporting this, but top of the list. as provided by Google, as always, is Bleeping Computer, and they're having a field-day!

    "Stop Everything! Your Linux is FARQUED! Everybody who uses Linux is FARQUED! We told you a thousand times! Our friends at Microsoft agree, that the only safe way to run Linux, is inside Windows. What more evidence do you need? What kind of idiot would use Linux?"

    I could go along with their report, if it wasn't for the tone of self-righteous triumph in it.

    "How many times do we have to tell you? Our friends at Microsoft confirm, Linux is shit unless it's run in the Windows subsystem, and even then ~"

    The most irritating part, is they almost have a point this time.

    Remind me, why do they call it Good Friday?

    11 11 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Bleeping Computer

      > Remind me, why do they call it Good Friday

      Because it is a Good Friday for all Good Admins to have been in work, patching kernels.

      Whilst their Users are at away at the time honoured ritual of Sitting On The M25 and playing another round of I Spy With My Little Eye Another Google Maps User Shouting At Their Phone And If You Mention Going Via Droitwich One More Time I Will Scream.

      15 0 Reply
    2. steelpillow Silver badge
      Reply Icon
      Holmes

      Re: Bleeping Computer

      Truth is, the only safe way to run Windows is in a VM on a Linux box and install a decent web browser.

      Those goons don't even know how to spell FSCK-ed!

      13 8 Reply
    3. Ball boy Silver badge
      Reply Icon
      Joke

      Re: Bleeping Computer

      They have a point: if you ditch *nix and run Redmond code, the baddies might still come after you - but your hardware will be so tied up BSOD'ing, dropping its peripherals or simply rebooting after the weekly patch regime, they won't get enough CPU time to do any real damage.

      /joke. Downvote if you've lost your sense of humour in all this

      28 4 Reply
    4. nijam Silver badge
      Reply Icon

      Re: Bleeping Computer

      > Remind me, why do they call it Good Friday?

      Because easter - despite having been hijack by christianity - is very obviously a fertility celebration ... a rite of Spring, if you prefer.

      1 0 Reply
      1. Zolko Silver badge
        Reply Icon

        Re: Bleeping Computer

        Easter – despite having been hijack by Christianity

        you mean like: "This Jesus bloke chose to be crucified during Easter, how rude of him " ?

        1 1 Reply
        1. jake Silver badge
          Reply Icon

          Re: Bleeping Computer

          Jesus wasn't crucified,t he other guy was. Read your bible, it's all in there in black and white.

          If you read the gospels for content, you'll discover that Pontius Pilate didn't want to crucify Jesus. You'll also discover that Jesus was imprisoned with a murderer that Pilate wanted to put to death. The murderer's name? Barabbas. What does Bar Abba mean in Aramaic? In English, it means "Son of The Father".

          Now, nobody was allowed to speak the name of God (except the High Priest, on the Day Of Atonement) ... Instead, they called God "The Father" in day-to-day life. So when Pilate asked both men their names (Roughly, "Are you the Son of the Father?"), they would have replied in the affirmative. Throw into the mix the Essenes, well known for causing mini-riots, chanting "crucify him!" for the OTHER Barabbas, and you have a logical explanation for the "risen from the dead" myth.

          This would also explain why the supposedly "dead" Jesus was seen walking BACK to the tomb by Mary of Magdala ... They had just switched out the real dead body, and Jesus hadn't managed to get back to the tomb fast enough to complete the illusion. Faking the nail & spear & thorn wounds on his hands, side & head would be trivial.

          Some traditions later have Pilate and his wife martyred as xtians ...

          0 1 Reply
  3. Doctor Syntax Silver badge

    "The latest method has been called Dirty Pagedirectory"

    Looking at the CVEnumber, perhaps it should be called Domesday.

    8 0 Reply
    1. Joe W Silver badge
      Reply Icon
      Pint

      brilliant! True history geekism for the win!

      Have a modern one of those ---->

      1 0 Reply
  4. Michael Wojcik Silver badge

    Good exploit...

    ... terrible blog. Notselwyn's use of HTML is the worst I've seen in months. That thing is unreadable.

    0 0 Reply
  5. Grogan Silver badge

    ... and distro kernels dutifully have all the modules built, and they'll load with udev on invocation, so whenever there's something like this, it's available :-)

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like