from Hacker News

Unauthenticated RCE vs. all GNU/Linux systems (+ others) disclosed 3 weeks ago

by jesboat on 9/23/24, 5:00 PM with 5 comments

  • by Prickle on 9/24/24, 12:54 AM

    > Not yet, according to the devs the plan is to disclose to openwall on september 30 and afterwards the full disclosure will happen on october 6

    So I understand this means we will need to wait till October 6 for more details. Would it be safe to assume anything being talked about right now is speculation?

  • by siptin on 9/24/24, 12:51 AM

    It's probably something that's unexploitable in practice or rarely enabled by default or both if the developers aren't too bothered about fixing it. Sounds like yet another vulnerability that's more hype than anything serious.

  • by theamk on 9/24/24, 3:49 PM

  • by jesboat on 9/23/24, 5:00 PM

    * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.

    * Full disclosure happening in less than 2 weeks (as agreed with devs).

    * Still no working fix.