‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit

Posted onAuthorCyber Security Review

Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE

A fresh Linux privilege escalation bug dubbed “Dirty Frag” has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions.Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he said was a broken embargo forced the issue into the open.

Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.

Read more…
Source:  The Register News

Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox

Related:

  • Using Botnets to Manipulate Energy Markets for Big Profits

    August 6, 2020

    Researchers are warning that a new class of botnets could be marshaled and used to manipulate energy markets via zombie armies of power-hungry connected devices such as air conditioners, heaters, dryers and digital thermostats. A coordinated attack could cause an energy stock index to predictably go up or down – creating an opportunity for a ...

  • Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows

    August 6, 2020

    Cisco is urging customers to update small business switches, its DNA Center software, routers with its StarOS software, and its AnyConnect Secure Mobility VPN client for Windows. Cisco has disclosed a bug in the IPv6 packet processing engine of several Cisco Small Business Smart and Managed Switches that could allow a remote attacker without credentials to ...

  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

    August 6, 2020

    A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada. The fraudsters, whom we named “Water Nue,” primarily target accounts of ...

  • Linux Spyware Stack Ties Together 5 Chinese APTs

    August 5, 2020

    A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. According to an analysis from BlackBerry released at Black Hat 2020 on Wednesday, those five groups have turned out to all be splinters of ...

  • How hackers gain root access to SAP enterprise servers through SolMan

    August 5, 2020

    Researchers have demonstrated how a set of vulnerabilities in SAP Solution Manager could be exploited to obtain root access to enterprise servers. Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory. SolMan is ...

  • Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

    August 5, 2020

    Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications. BleepingComputer has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage ...