Comment on Stealthy 'sedexp' Linux malware evaded detection for two years
LainTrain@lemmy.dbzer0.com 2 months ago
“Malware”? Fucking cybersec press is the worst.
What’s next, they’re gonna call “sudo” a 0-day vuln?
Comment on Stealthy 'sedexp' Linux malware evaded detection for two years
LainTrain@lemmy.dbzer0.com 2 months ago
“Malware”? Fucking cybersec press is the worst.
What’s next, they’re gonna call “sudo” a 0-day vuln?
MonkderVierte@lemmy.ml 2 months ago
Not 0-day but it had a vew privilege escalation holes already. …medium.com/sudo-vulnerability-in-linux-lead-to-p…
sugar_in_your_tea@sh.itjust.works 2 months ago
Sure, but this isn’t a privilege escalation, this requires privilege escalation, and it merely installs a backdoor that preserves that privilege.
It’s like installing something in cron or systemd, it’s not a vulnerability in itself, but it can allow an attacker to add a backdoor once they exploit a vulnerability once.
MonkderVierte@lemmy.ml 2 months ago
Ah fine, that was the first result in google, i didn’t read it enough. But there were some privilege escalations in sudo and lots more of misconfiguration. cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sudo