#copyfail

Reply to #copyfail on Thu, 30 Apr 2026 16:21:37 GMT

viss@mastodon.social — Thu, 30 Apr 2026 16:21:37 GMT

@nyanbinary its like our brains are touching again

Reply to #copyfail on Thu, 30 Apr 2026 07:20:03 GMT

nyanbinary@infosec.exchange — Thu, 30 Apr 2026 07:20:03 GMT

@Viss yip, thats pretty much the summary I shit out this morning for the folx that will have to talk to management - patch is a must but due to our environments nature this isnt a "all hands on deck" thing, especially as most of the distros we use havent pushed versions yet afaik

Reply to #copyfail on Thu, 30 Apr 2026 02:52:18 GMT

viss@mastodon.social — Thu, 30 Apr 2026 02:52:18 GMT

@FritzAdalis if theres a way to inject a command or run code, yep

Reply to #copyfail on Thu, 30 Apr 2026 02:50:46 GMT

fritzadalis@infosec.exchange — Thu, 30 Apr 2026 02:50:46 GMT

@Viss
So you mean that Internet-facing Debian 8 box they refuse to turn off is fucked?

Reply to #copyfail on Thu, 30 Apr 2026 02:35:31 GMT

viss@mastodon.social — Thu, 30 Apr 2026 02:35:31 GMT

@bhhaskin ot may have shit so old it predates this bug, but also most ot is weird custom bullshit and not the linux kernel, which is largely already a massive problem for ot

Reply to #copyfail on Thu, 30 Apr 2026 02:31:36 GMT

bhhaskin@social.bitsofsimplicity.com — Thu, 30 Apr 2026 02:31:36 GMT

@Viss what do you think, about a billion dollars in OT tonight?

(Just kidding, IT doesn't get OT)

Reply to #copyfail on Thu, 30 Apr 2026 02:29:49 GMT

viss@mastodon.social — Thu, 30 Apr 2026 02:29:49 GMT

@bhhaskin oh im 100% sure theres some absolute shithouse madness going on behind the scenes somewhere.

theres probably also a teeeeenyy tiny subset of folks whove been sitting on this bug for ten years who are now super fuckin pissed its burned

and if any of them can see this, my condolences and hat tip me somewhere incase vault7 ever happens again. nerds love it when they get quiet shoutouts like that.

Reply to #copyfail on Thu, 30 Apr 2026 02:23:57 GMT

bhhaskin@social.bitsofsimplicity.com — Thu, 30 Apr 2026 02:23:57 GMT

@Viss I am betting some state sponsored agencies are not very happy tonight. Same with sys admins and IT departments everywhere lol

Reply to #copyfail on Thu, 30 Apr 2026 02:20:31 GMT

mirabilos@toot.mirbsd.org — Thu, 30 Apr 2026 02:20:31 GMT

@Viss you don’t need to depmod

Reply to #copyfail on Thu, 30 Apr 2026 02:13:43 GMT

viss@mastodon.social — Thu, 30 Apr 2026 02:13:43 GMT

@paul_ipv6 @rootwyrm @cR0w @da_667 @reverseics i am eager to see godaddy catch fire sometime in the near future

Reply to #copyfail on Thu, 30 Apr 2026 02:13:15 GMT

viss@mastodon.social — Thu, 30 Apr 2026 02:13:15 GMT

@bhhaskin yeah now you can shell the host its on, theeeeeeeen its a party

Reply to #copyfail on Thu, 30 Apr 2026 02:12:51 GMT

viss@mastodon.social — Thu, 30 Apr 2026 02:12:51 GMT

@onyxraven there are so many angles on this thing

Reply to #copyfail on Thu, 30 Apr 2026 02:00:35 GMT

onyxraven@hachyderm.io — Thu, 30 Apr 2026 02:00:35 GMT

@Viss or be ready for supply chain exploits doing this to dependencies or typosquats. Then pushing that into containers. That’s the path I’m concerned about

Reply to #copyfail on Thu, 30 Apr 2026 01:27:51 GMT

bhhaskin@social.bitsofsimplicity.com — Thu, 30 Apr 2026 01:27:51 GMT

@Viss just think of all the WordPress sites with RCE there where pretty useless up until now.

Reply to #copyfail on Thu, 30 Apr 2026 01:00:35 GMT

paul_ipv6@infosec.exchange — Thu, 30 Apr 2026 01:00:35 GMT

@Viss @rootwyrm @cR0w @da_667 @reverseics

*what*? perimeter and middleware boxen as platforms to exploite? surely not. they are *security* devices, so they must be more secure!

*choke* *gasp* *cough*

ok. couldn't get that all out with a straight face...

Reply to #copyfail on Thu, 30 Apr 2026 00:13:38 GMT

da_667@infosec.exchange — Thu, 30 Apr 2026 00:13:38 GMT

@Viss @cR0w @rootwyrm @reverseics and I'm tired of pretending its not

Reply to #copyfail on Thu, 30 Apr 2026 00:07:50 GMT

viss@mastodon.social — Thu, 30 Apr 2026 00:07:50 GMT

@cR0w @rootwyrm @da_667 @reverseics yes

Reply to #copyfail on Thu, 30 Apr 2026 00:05:28 GMT

cr0w@infosec.exchange — Thu, 30 Apr 2026 00:05:28 GMT

@Viss @rootwyrm @da_667 @reverseics you think it's funny? joker quote

Reply to #copyfail on Thu, 30 Apr 2026 00:01:04 GMT

viss@mastodon.social — Thu, 30 Apr 2026 00:01:04 GMT

@rootwyrm @cR0w @da_667 @reverseics its amusing that "firewall appliances" are going to have more surfaces exposed to exploit this thing than linux boxes

Reply to #copyfail on Wed, 29 Apr 2026 23:55:46 GMT

rootwyrm@weird.autos — Wed, 29 Apr 2026 23:55:46 GMT

@Viss @cR0w @da_667 @reverseics well yeah, I thought that was kinda obvious when I said basically anything that uses the crypto API could be exploited and www:www still has access to ../../../bin/bash

Reply to #copyfail on Wed, 29 Apr 2026 23:53:08 GMT

viss@mastodon.social — Wed, 29 Apr 2026 23:53:08 GMT

@rootwyrm the nation states are 100% gonna go for those edge cases tho. and its gonna hit shit like fortinets and ciscos and panw and ... hey @cR0w and @da_667 and @reverseics get in here, we're back to ../ again!

Reply to #copyfail on Wed, 29 Apr 2026 23:52:02 GMT

viss@mastodon.social — Wed, 29 Apr 2026 23:52:02 GMT

@rootwyrm im sure youre right, and that there will be edge cases where some one-off webhosted thinger or weirdo node app bullshit or custom binary doodad will have some path to trigger this thing - but the most commonly exploited scenario based on what ive seen the last few years in consulting land is gonna be shops with very lax security, shared accounts, injectable automated processing, ci/cd pipelines, and llm craps

Reply to #copyfail on Wed, 29 Apr 2026 23:51:26 GMT

scott@mastodon.clitheroe.ca — Wed, 29 Apr 2026 23:51:26 GMT

@Viss I keep saying at work "it should be considered production the second it's on the network", but it gets shot down because of ... existing PROCESSES. The easy, human, tribal knowledge shit that we could fix with the snap of our fingers and a couple meetings.

Reply to #copyfail on Wed, 29 Apr 2026 23:47:53 GMT

rootwyrm@weird.autos — Wed, 29 Apr 2026 23:47:53 GMT

@Viss so, yeah, about that?

You actually 100% do not need a shell to exploit. Maybe to gain root, but not necessarily.

You just need something that calls the crypto API in a way that creates a scatterlist with the broken function.

Which can be done by literally any program in userland.

If anyone needs me, I'm going to be chugging bottles of hemlock and strychnine and bleach.