Abusing Ubuntu 24.04 features for root privilege escalation


With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities.

The problems begin when an attacker is able to compromise the user’s session, potentially through social engineering to execute a payload, or through other exploitation (I may not have full Chrome RCE vulnerabilities, but they’ve happened before). My assumption, based on previous experience and the strace output, was that the bind call return value would be checked, and if there was a symlink present, cupsd would quit with an error. A special shout-out to the CUPS team, who were able to produce a patch on the same day as the report. The patch both fixes the direct vulnerability and adds additional security measures, which would have made it doubly difficult to exploit in the first place.
