‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit

Posted onAuthorCyber Security Review

Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE

A fresh Linux privilege escalation bug dubbed “Dirty Frag” has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions.Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he said was a broken embargo forced the issue into the open.

Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.

Read more…
Source:  The Register News

Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox

Related:

  • New Orleans attacker filmed visits to city weeks earlier, wore Meta smart glasses during attack

    January 5, 2025

    The New Orleans terrorist attacker visited the Louisiana city twice in the weeks before the attack and recorded video of the area using Meta smart glasses, the FBI revealed Sunday. Shamsud-Din Jabbar, 42, stayed at a rental home in New Orleans at the end of October and again in November, just weeks prior to his attack ...

  • Don’t Click Twice – New Chrome, Edge, Safari Hack Attack Warning

    January 5, 2025

    Hundreds of millions of web users have been warned about a new and dangerous cyber attack that doesn’t care what browser you use—as long as you click twice. Here’s everything you need to know about the double-clickjacking hack attack. Application security and client-side offensive exploit researcher Paulos Yibelo, with a long history of discovering vulnerabilities and ...

  • What We Know About CVE-2024-49112 and CVE-2024-49113

    January 4, 2025

    In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score. This blog entry provides an overview of these two vulnerabilities and includes information that ...

  • A Windows filetype update may have complicated cyber threat detection efforts

    January 4, 2025

    The use of archive files as malware delivery mechanisms is evolving, presenting challenges for Secure Email Gateways (SEGs), new research has claimed. A recent report by Cofense highlights how cybercriminals exploit various archive formats to bypass security protocols, particularly following a significant update to Windows in late 2023. Traditionally, .zip files have been the most common ...

  • Top AI Trends from 2024 – A Look Back

    January 3, 2025

    2024 may go down as the year AI stopped being a technological novelty and became—more consequentially—a Fact of Life. Big names like Microsoft, Salesforce, and Intuit built AI into mainstream enterprise solutions; specialized AI apps and services sprung up for everything from copywriting to data analysis; and governments, think tanks, and regulators poured effort into ...

  • Nigeria, South Africa, Algeria top targets for cyber attacks in 2024

    January 1, 2025

    In the first half of 2024, Nigeria saw 2,721 incidents, with the telecom sector, computer services sector, Data processing and hosting companies, and even local beauty salons having a fair dose of the attacks respectively. At the time, experts attributed the rise in cyberattacks to digital transformation initiatives the country was carrying out such as adoption ...