On 4/30/26 17:11, Ted Mittelstaedt wrote:
> I can confirm that the latest apt-get update to Ubuntu 24.04 as of a few 
> minutes ago is disabling the aead module.
>
> For an un-updated system, running python3 copy_fail_exp.py gets you a root 
> shell.   For an updated system it gets an error.  For Ubuntu 26.04 it merely 
> asks for the root password.
>
> Ted
>
>

or run

find / -perm -4004 -type f -exec ls -ld {} \; > setuid.txt

and remove 'r' flag from user, user group, and other group.

On Slackware, most setuid root utilities are not user readable.

# ls -l /usr/bin/sudo
-rws--x--x 1 root root 289800 Jul 26  2025 /usr/bin/sudo*
# ls -l /bin/su
-rws--x--x 1 root root 59552 Feb 13  2021 /bin/su*

There are a few that are, unfortunately.

This will mitigate the exploit until patched.

-Ed

