GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Embed Notice

HTML Code

Corresponding Notice

  1. Embed this notice
    Will Dormann (wdormann@infosec.exchange)'s status on Friday, 01-May-2026 04:39:21 JSTWill DormannWill Dormann
    in reply to

    If you're curious about IOCs for copyfail, look in syslog for:
    NET: Registered PF_ALG protocol family
    for attempts to exploit copyfail on systems that use the vulnerable code as a module. For systems that have the vulnerable code compiled into the kernel, like RHEL, you'll see this line on every boot.
    And at least for this particular flavor of exploit, a wall-clock nearby:
    process 'su' launched '/bin/sh with NULL argv: empty string added`
    is an indication of successful exploitation.

    But it's worth noting that the "process launched" stuff is merely what the ITW PoC will leave behind. More clever exploitation may not be as obvious.

    In conversationabout 3 months ago from infosec.exchangepermalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/493/963/820/216/458/original/0b40e679216dba90.png
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.