I don't know what you spent your day doing, but I personally copy failed all day.
https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342/27
#cve #linux
1
0
0
Veronica Olsen
@veronica@mastodon.online
System Architect ★ Software Developer ★ High Energy Physics PhD at Uni Oslo & CERN ★ Linux ★ Python ★ Open Source ★ Unicode Unicorn ★ ISO 8601 Enthusiast ★ Consumer of Sci-Fi ★ Hobby Writer ★ Born at 336 ppm CO₂ ★ She/They Open Source: https://novelwriter.io & https://fosstodon.org/@novelwriter Banner image from Wallpaper Access.
mastodon.online
Veronica Olsen
@veronica@mastodon.online
System Architect ★ Software Developer ★ High Energy Physics PhD at Uni Oslo & CERN ★ Linux ★ Python ★ Open Source ★ Unicode Unicorn ★ ISO 8601 Enthusiast ★ Consumer of Sci-Fi ★ Hobby Writer ★ Born at 336 ppm CO₂ ★ She/They Open Source: https://novelwriter.io & https://fosstodon.org/@novelwriter Banner image from Wallpaper Access.
mastodon.online
@veronica@mastodon.online
·
12h ago
15
0
16
💀 𝓕airchild 💀
@tankgrrl@hachyderm.io
Maggie McFee, Dr of Sarcastry - Maker, artist, GenX cyborg, actual cyborg, human greeblie. Repped by RC Josta. - HPC at a large university by day, mad science in a small house nights and weekends. - Former podcaster: Ruining It For Everyone, SciFi Idols. - Cambridge by way of Australia, Portland, Seattle, and a bunch of other places. - Sister to 1, daughter of 2, mother to 0, enemy of n. - Posts in English & French I make stuff. Non-Binary, They/She. 99% Human/1% machine #NeoLuddite
hachyderm.io
💀 𝓕airchild 💀
@tankgrrl@hachyderm.io
Maggie McFee, Dr of Sarcastry - Maker, artist, GenX cyborg, actual cyborg, human greeblie. Repped by RC Josta. - HPC at a large university by day, mad science in a small house nights and weekends. - Former podcaster: Ruining It For Everyone, SciFi Idols. - Cambridge by way of Australia, Portland, Seattle, and a bunch of other places. - Sister to 1, daughter of 2, mother to 0, enemy of n. - Posts in English & French I make stuff. Non-Binary, They/She. 99% Human/1% machine #NeoLuddite
hachyderm.io
@tankgrrl@hachyderm.io
·
15h ago
No warranty implied, use at your own risk. But this short C program can check if your Linux machine is still vulnerable to Copy Fail (there's also this page with python code from our friends in Estonia https://docs.hpc.ut.ee/public/cve-2026-31431/ )
Output includes "ARE available" or "NOT available"
Again: compile and run at your own risk. Don't just trust me blindly. Read the code. #CopyFail #CVE-2026-31431
==============
#include
#include
#include
#include
#include
#include
int main(void) {
int sock;
struct sockaddr_alg sa;
// Prepare sockaddr_alg for AEAD/GCM
memset(&sa, 0, sizeof(sa));
sa.salg_family = AF_ALG;
strcpy((char *)sa.salg_type, "aead");
strcpy((char *)sa.salg_name, "gcm(aes)");
// Try to create AF_ALG socket
sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (sock == -1) {
perror("socket(AF_ALG, aead)");
printf("algif_aead functions are NOT available (AF_ALG socket creation failed).\n");
return 1;
}
// Try to bind to AEAD/GCM
if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
perror("bind(AF_ALG, aead, gcm(aes))");
printf("algif_aead functions are NOT available (bind failed).\n");
close(sock);
return 1;
}
printf("algif_aead functions ARE available (AF_ALG AEAD bind succeeded).\n");
close(sock);
return 0;
}
2
0
0
ché, cómo están haciendo con esto: https://copy.fail/#copy-fail cve-2026-31431 #ciberseguridad #CVE #linux
0
0
0
Matthew Slowe
@fooflington@infosec.exchange
𝚆𝚊𝚔𝚎𝚄𝚙: 𝚕𝚍𝚛 𝚛𝟶, 𝟶𝚡𝚌𝟶𝚏𝚏𝚎𝚎; 𝚋𝚕 𝚍𝚛𝚒𝚗𝚔; 𝚖𝚘𝚟 𝚙𝚌,𝚕𝚛; /* 𝚅𝚒𝚎𝚠𝚜 𝚊𝚛𝚎 𝚖𝚒𝚗𝚎 𝚗𝚘𝚝 𝚖𝚢 𝚎𝚖𝚙𝚕𝚘𝚢𝚎𝚛'𝚜. */ Working in IT to help HE & FE (and other public sector) organisations work better together. Somewhere in the vicinity of the far South East of #England and occasionally in the farther reaches of #Scotland #photography #kent #highlands #linux #federation #eduroam #shibboleth #saml #itsecurity #highereducation #academia And it pains me to need to say that I do not consent to any third-party Mastodon or other fediverse instance's Terms of Service, as I am not a user of their service. All posts are my own, and permission to propagate them is always revocable.
infosec.exchange
Matthew Slowe
@fooflington@infosec.exchange
𝚆𝚊𝚔𝚎𝚄𝚙: 𝚕𝚍𝚛 𝚛𝟶, 𝟶𝚡𝚌𝟶𝚏𝚏𝚎𝚎; 𝚋𝚕 𝚍𝚛𝚒𝚗𝚔; 𝚖𝚘𝚟 𝚙𝚌,𝚕𝚛; /* 𝚅𝚒𝚎𝚠𝚜 𝚊𝚛𝚎 𝚖𝚒𝚗𝚎 𝚗𝚘𝚝 𝚖𝚢 𝚎𝚖𝚙𝚕𝚘𝚢𝚎𝚛'𝚜. */ Working in IT to help HE & FE (and other public sector) organisations work better together. Somewhere in the vicinity of the far South East of #England and occasionally in the farther reaches of #Scotland #photography #kent #highlands #linux #federation #eduroam #shibboleth #saml #itsecurity #highereducation #academia And it pains me to need to say that I do not consent to any third-party Mastodon or other fediverse instance's Terms of Service, as I am not a user of their service. All posts are my own, and permission to propagate them is always revocable.
infosec.exchange
@fooflington@infosec.exchange
·
1d ago
https://copy.fail/
Local Privilege Escalation in every Linux kernel since 2017
Hopefully no one is sitting on a low-privilege RCE...
#linux #security #rce #lpe #cve #CVE202631431
1
1
2
anchore
@anchore@mstdn.business
Securing and managing the software supply chain. Proud parent of https://fosstodon.org/@syft and https://fosstodon.org/@grype
mstdn.business
The CVE program averted a funding emergency, but the crises of the last few years—like the NVD stopping work in 2024 and the 2025 funding scare—have eroded trust in the existing system.
The biggest takeaway from the chaos? Everyone should have a plan B.
Read Josh Bressers deep dive into the current state of vulnerability identifiers, the loss of trust, and what to expect next. https://anchore.com/blog/cve-is-saved-but-theres-work-to-do/
#Cybersecurity #VulnerabilityManagement #CVE #NVD
1
0
0
sekurak News
@sekurakbot@mastodon.com.pl
Bot publikujący najnowsze wiadomości sekurak.pl 
https://sekurak.pl Publikowane wiadomości są widoczne tylko dla osób, które zdecydowały się obserwować to konto. Account by @kkrenski
mastodon.com.pl
sekurak News
@sekurakbot@mastodon.com.pl
Bot publikujący najnowsze wiadomości sekurak.pl https://sekurak.pl Publikowane wiadomości są widoczne tylko dla osób, które zdecydowały się obserwować to konto. Account by @kkrenski
mastodon.com.pl
@sekurakbot@mastodon.com.pl
·
Feb 16, 2026
Jak wtyczka do backupów w WordPress pozwalała na zdalne wykonanie kodu – CVE-2026-1357
Backupy są ważne i każdy kto choć raz padł ofiarą ataku lub spotkał się z awarią środowiska produkcyjnego wie o czym jest mowa. Do wykonywania kopii zapasowych istnieje szereg rozwiązań, zarówno darmowych jak i komercyjnych. Coraz częściej można się również spotkać ze specjalistycznymi narzędziami, jakim jest np. popularny plugin WPvivid...
#WBiegu #Backup #Bugbounty #Cve #Rce #Traversal #Wordpress
https://sekurak.pl/jak-wtyczka-do-backupow-w-wordpress-pozwalala-na-zdalne-wykonanie-kodu-cve-2026-1357/
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/szNwziYVqZLTBwCgA6NWWf 🔗 🇩🇪🇺🇸🇫🇷
Une faille d’injection de code dans le système d’aide menace la stabilité des postes de travail critiques.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/mE7ZhqmZWLS2X9HU5NGNPL 🔗 🇩🇪🇺🇸🇫🇷
A high-severity code injection flaw in KeePass’s help system, while not actively exploited, presents a tangible risk of application crashes and workflow disruption through crafted HTML content.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/wXivcJdGsJsNDv46vvaEjc 🔗 🇩🇪🇺🇸🇫🇷
Eine Code-Injection-Schwachstelle im Hilfesystem der Passwort-Manager-Software kann zu Anwendungsabstürzen führen, stellt jedoch ein moderates Risiko dar.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/ha7u8osqJ9djsMHeNLvuaH 🔗 🇩🇪🇺🇸🇫🇷
Une faille de dépassement de tampon accessible à distance compromet l’intégrité des réseaux, avec un exploit public disponible.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/kpVddxKp2FBwhdvJ28fzU2 🔗 🇩🇪🇺🇸🇫🇷
A publicly released exploit for a critical buffer overflow in Tenda routers demands immediate action from network defenders.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/jG6JrBKpEnD9cTemxKWzzY 🔗 🇩🇪🇺🇸🇫🇷
Ein veröffentlichter Proof-of-Concept-Exploit für einen Remote-Buffer-Overflow erhöht das Risiko für ungepatchte Netzwerke erheblich.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/1yG6uMbdZ6ERmwL2Sfck4Q 🔗 🇩🇪🇺🇸🇫🇷
Une vulnérabilité publique et exploitée sur un équipement non maintenu représente un risque de priorité 1 pour les réseaux hérités.
0
0
0
hbrpgm
@hbrpgm@adalta.social
adalta.social
📺 https://peer.adalta.social/w/snU5nCd7kRYQC28d23s8xm 🔗 🇩🇪🇺🇸🇫🇷
A publicly exploitable, remote OS command injection flaw in the unmaintained D-Link DIR-615 router poses a critical risk to consumer and small office networks.
0
0
0