#LPE — Local Privilege Escalation.
-
#LPE — Local Privilege Escalation. A class of vulnerabilities that need a local user account on the target machine to reach higher levels of privilege, up to superuser/root.
#RCE — Remote Code Execution. A class of vulnerabilities that can be exploited over unprivileged network connections, giving the attacker privileged access to the target machine.
#CopyFail, #DirtyFrag are LPEs that affect Linux systems. LPEs are typically harder to exploit than RCEs.
Hope this helps to avoid Clickbait.
-
Do we actually know that CopyFail cannot be exploited remotely for sure though? Isn't it accessible through IPSec or something?
-
@agowa338 @jwildeboer dirtyfrag uses the ESP (encapsulating security payload) module that is part of IPSec. Still only exploitable locally.
Ofc, exploits can be chained (reverse shell would be an example of getting lesser privilege user rights) but the original post is still correct.
-
I was talking about CopyFail, the first one. Wasn't the kernel module that had that bug mainly used for handling the encryption in older IPSec implementations?
-
@jwildeboer Good distinction to be aware of. Just to clarify, both can apply:
#RCE must not be privileged. It gives *any* kind of remote capability to run code. Could e.g. be with the highly restricted privileges of the web server process.
An #LPE vulnerability like #CopyFail or #DirtyFrag could however be chained with such an RCE vulnerability to get full root access to the target.
-
@jfkimmes Feel free to read as "a level of access that goes beyond what was intended" or something similar. My point is that many out there fail to mention the current wave is LPE, not RCE and that LPEs have a different risk assessment than RCEs.
-
@jwildeboer Totally, I appreciate your post and meant this as more of a clarification that it's not black and white, and both can apply.
-
@jwildeboer But when you write "need a local user account", many people tend to read that it means "a regular account with a shell". Actually, it can be any daemon process, even unprivileged, with a command injection (see the recent Apache RCE…).
-
@bortzmeyer Yes, ultimately an RCE is also an LPE because typically you exploit a networked service that runs as a user process. But let's keep things accessible. When more people understand that from a risk assessment RCE >> LPE, that's already a bit of progress.
-
@jwildeboer CVE-2026-23918 against Apache HTTPD was / is at the same time as CopyFail / DirtyFrag and could have been a good way to execute the POC.