upvote

points

by MarleTangible17 hours ago |
comments
upvoteby oskarkk17 hours ago|
next
[-]
Strange that it's not classified as "high", which specifically includes "local root privilege escalations".

> High: A significant problem, typically exploitable for nearly all users in a default installation of Ubuntu. Includes serious remote denial of service, local root privilege escalations, local data theft, and data loss.

reply
upvoteby amarant15 hours ago|
parent|
[-]
It is high now, someone at canonical is paying attention it seems
reply
upvoteby markhahn9 hours ago|
prev|
next
[-]
if your model is that linux is just about single-user desktops, this local exploit isn't too bad. or if your model is nothing but DB servers or the like.

mystifying to me that shared, multi-user machines are not thought of. for instance, I administer a system with 27k users - people who can login. even if only 1/10,000 of them are curious/malicious/compromised, we (Canadian national research HPC systems) are at risk. yes, this is somewhat uncommon these days, when shell access is not the norm.

but consider the very common sort of shared hosting environment: they typically provide something like plesk to interface to shared machines with no particular isolation. can you (as a website owner or 0wner) convince wordpress/etc to drop and execute a script? yep.

reply
upvoteby AntiUSAbah54 minutes ago|
parent|
next
[-]
Not to bad? So we just threat linux overall as a single user system or what?
reply
upvoteby CGamesPlay6 hours ago|
parent|
prev|
[-]
> if your model is that linux is just about single-user desktops, this local exploit isn't too bad.

For example, if you have passwordless sudo, you've already got a widely known LPE vulnerability lurking on your system.

reply
upvoteby dwedge4 hours ago|
parent|
next
[-]
Only for your user, and it means a keylogger on the system if it gets rooted can't pull your password to try on other machines. Personally I always either login as root or use passwordless sudo.
reply
upvoteby XorNot3 hours ago|
parent|
[-]
Yubikeys are also surprisingly annoying when setup for the as well. A working developer just needs sudo a lot.

Realistically a "sudo button" would be handy, on the keyboard, with a display to show a confirmation pin for the request (probably also needs a deny button so you can try and identify weird ones).

reply
upvoteby oviet5 hours ago|
parent|
prev|
[-]
hmm have i missed anything?
reply
upvoteby OvervCW4 hours ago|
parent|
[-]
Any program on your computer can just run "sudo" to escalate itself.
reply
upvoteby dwedge4 hours ago|
prev|
next
[-]
Local access is a bit of a misnomer though, a vulnerable website can be tricked into running a script
reply
upvoteby daveoc6415 hours ago|
prev|
next
[-]
Ubuntu seems to have updated the page to say that it's a high priority now.
reply
upvoteby 16 hours ago|
prev|
next
[-]
deleted
reply
upvoteby mghackerlady15 hours ago|
prev|
next
[-]
it's not like this couldn't be chained with some other exploit to get remote access to get remote root access which seems like a bit of an issue
reply
upvoteby 16 hours ago|
prev|
[-]
deleted
reply