<![CDATA[#LPE — Local Privilege Escalation.]]> — Local Privilege Escalation. A class of vulnerabilities that need a local user account on the target machine to reach higher levels of privilege, up to superuser/root

— Remote Code Execution. A class of vulnerabilities that can be exploited over unprivileged network connections, giving the attacker privileged access to the target machine.

, are LPEs that affect Linux systems. LPEs are typically harder to exploit than RCEs.

Hope this helps to avoid Clickbait.

]]>https://board.circlewithadot.net/topic/62fe8b51-6f75-40f5-8fc6-30afac0621b3/lpe-local-privilege-escalation.RSS for NodeThu, 14 May 2026 23:25:26 GMTFri, 08 May 2026 10:09:53 GMT60<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 11:03:49 GMT]]>@jwildeboer CVE-2026-23918 against Apache HTTPD was / is at the same time than CopyFail / DirtyFrag and could have been a good way to execute the POC.

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116538620624981219https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116538620624981219Fri, 08 May 2026 11:03:49 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:52:29 GMT]]>@bortzmeyer Yes, ultimately an RCE is also an LPE because typically you exploit a networked service that runs as a user process. But let's keep things accessible. When more people understand that from a risk assessment RCE >> LPE, that's already a bit of progress.

]]>https://board.circlewithadot.net/post/https://social.wildeboer.net/users/jwildeboer/statuses/116538576061045626https://board.circlewithadot.net/post/https://social.wildeboer.net/users/jwildeboer/statuses/116538576061045626Fri, 08 May 2026 10:52:29 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:49:48 GMT]]>@jwildeboer But when you write "need a local user account", many people tend to read that it means "a regular account with a shell". Actually, it can be any daemon process, even unprivileged, with a command injection (see the recent Apache RCE…).

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116538565518251182https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116538565518251182Fri, 08 May 2026 10:49:48 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:43:32 GMT]]>@jwildeboer Totally, I appreciate your post and meant this as more of a clarification that it's not black and white, and both can apply.

]]>https://board.circlewithadot.net/post/https://social.tinycyber.space/users/jfkimmes/statuses/116538540868835320https://board.circlewithadot.net/post/https://social.tinycyber.space/users/jfkimmes/statuses/116538540868835320Fri, 08 May 2026 10:43:32 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:40:04 GMT]]>@jfkimmes Feel free to read as "a level of access that goes beyond what was intended" or something similar. My point is that many out there fail to mention the current wave is LPE, not RCE and that LPEs have a different risk assessment than RCEs.

]]>https://board.circlewithadot.net/post/https://social.wildeboer.net/users/jwildeboer/statuses/116538527206216236https://board.circlewithadot.net/post/https://social.wildeboer.net/users/jwildeboer/statuses/116538527206216236Fri, 08 May 2026 10:40:04 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:36:09 GMT]]>@jwildeboer Good distinction to be aware of. Just to clarify, both can apply:

must not be privileged. It gives *any* kind of remote capability to run code. Could e.g. be with the highly restricted privileges of the web server process.

An vulnerability like or could however be chained with such an RCE vulnerability to get full root access to the target.

]]>https://board.circlewithadot.net/post/https://social.tinycyber.space/users/jfkimmes/statuses/116538511829954414https://board.circlewithadot.net/post/https://social.tinycyber.space/users/jfkimmes/statuses/116538511829954414Fri, 08 May 2026 10:36:09 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:20:08 GMT]]>@silhouette @jwildeboer

I was talking about CopyFail, the first one, wasn't the kernel module that had that bug mainly used for handling the encryption in older IPSec implementations?

]]>https://board.circlewithadot.net/post/https://chaos.social/users/agowa338/statuses/116538448810016404https://board.circlewithadot.net/post/https://chaos.social/users/agowa338/statuses/116538448810016404Fri, 08 May 2026 10:20:08 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:18:29 GMT]]>@agowa338 @jwildeboer dirtyfrag uses the ESP (encapsulating security payload) module that is part of IPSec. Still only exploitable locally.

Ofc, exploits can be chained (reverse shell would be an example of getting lesser privilege user rights) but the original post is still correct.

]]>https://board.circlewithadot.net/post/https://dumbfuckingweb.site/users/silhouette/statuses/01KR3HH35JC1W1FEN473SV4SF3https://board.circlewithadot.net/post/https://dumbfuckingweb.site/users/silhouette/statuses/01KR3HH35JC1W1FEN473SV4SF3Fri, 08 May 2026 10:18:29 GMT<![CDATA[Reply to #LPE — Local Privilege Escalation. on Fri, 08 May 2026 10:12:29 GMT]]>@jwildeboer

Do we actually know that CopyFail cannot be exploited remotely for sure though? Isn't it accessible through IPSec or something?

]]>https://board.circlewithadot.net/post/https://chaos.social/users/agowa338/statuses/116538418724939965https://board.circlewithadot.net/post/https://chaos.social/users/agowa338/statuses/116538418724939965Fri, 08 May 2026 10:12:29 GMT