this post was submitted on 25 Aug 2024
101 points (94.7% liked)
Technology
59217 readers
2528 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
"Malware"? Fucking cybersec press is the worst.
What's next, they're gonna call "sudo" a 0-day vuln?
Not 0-day but it had a vew privilege escalation vulns already. https://thekh4tt4k.medium.com/sudo-vulnerability-in-linux-lead-to-privilege-escalation-cve-2023-22809-fbb7f300ef49
Sure, but this isn't a privilege escalation, this requires privilege escalation, and it merely installs a backdoor that preserves that privilege.
It's like installing something in cron or systemd, it's not a vulnerability in itself, but it can allow an attacker to add a backdoor once they exploit a vulnerability once.
Ah fine, that was the first result in google, i didn't read it enough. But there were some privilege escalations in sudo and lots more of misconfiguration. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sudo