Hi oss-sec,
few hours ago we had a webhost running Debian kernel
6.12.90+deb13.1-amd64
being compromised using a root exploit.
Unfortunately not with many useful traces left, the only obvious
happening was loading the af_alg module (not used by other modules).
I know that af_alg is marked as deprecated for 7.2, but is there any
known exploit or issue that affects kernels of current distribution?
We've blacklisted the module everywhere now.
Best regards,
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F