Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users
([Linux Kernel] 2 Hours Ago
ssh-keysign-pwn)
- Reference: 0001633776
- News link: https://www.phoronix.com/news/Linux-ssh-keysign-pwn
- Source link:
Following [1]Dirty Frag , [2]Fragnesia , and other Linux kernel vulnerabilities making themselves known in recent days, the latest now is ssh-keysign-pwn.
With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today.
The ssh-keysign-pwn was reported by Qualys and fixed by the mainline Linux kernel earlier today. [3]This patch to adjust the kernel's ptrace behavior is what fixes the issue.
More details on ssh-keysign-pwn can be found via [4]this GitHub repository .
[1] https://www.phoronix.com/news/Dirty-Frag-Linux
[2] https://www.phoronix.com/news/Linux-Fragnesia
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
[4] https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today.
The ssh-keysign-pwn was reported by Qualys and fixed by the mainline Linux kernel earlier today. [3]This patch to adjust the kernel's ptrace behavior is what fixes the issue.
More details on ssh-keysign-pwn can be found via [4]this GitHub repository .
[1] https://www.phoronix.com/news/Dirty-Frag-Linux
[2] https://www.phoronix.com/news/Linux-Fragnesia
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
[4] https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn