New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
thehackernews.com
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).
SUID as well? It looks like everything that is in the sudo toolkit (like my enemy, setuid) is ripe for abuse.
Let's hope systemd run0 becomes stable soon enough.