That may work for now however according to: https://xint.io/blog/copy-fail-linux-distributions

"...The scan also identified other high severity vulnerabilities, including another privilege escalation bug. These other bugs are still in the responsible disclosure process."

And we know now that from Xint's POV responsible disclosure means insert a patch then wait 30 days and publish a zero day.

So this isn't going to be the only one of these rodeos. It's just the first.

Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of King Beowulf
Sent: Friday, May 1, 2026 7:46 AM
To: [email protected]
Subject: Re: [PLUG] exploit in the wild

On 4/30/26 17:11, Ted Mittelstaedt wrote:
> I can confirm that the latest apt-get update to Ubuntu 24.04 as of a few
> minutes ago is disabling the aead module.
>
> For an un-updated system, running python3 copy_fail_exp.py gets you a root
> shell. For an updated system it gets an error. For Ubuntu 26.04 it merely
> asks for the root password.
>
> Ted
>

or run find / * -perm -4004 -type f -exec ls -ld {} \; > setuid.txt
and remove 'r' flag from user, user group, and other group.

On Slackware, most setuid root utilities are not user readable.

# ls -l /usr/bin/sudo
-rws--x--x 1 root root 289800 Jul 26 2025 /usr/bin/sudo*
# ls -l /bin/su
-rws--x--x 1 root root 59552 Feb 13 2021 /bin/su*

There are a few that are unfortunately. This will mitigate the exploit until patched.

-Ed

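The setuid audit Ed describes, as an added example that is not part of the original thread: it lists setuid files that group or other can read and, with --apply, clears those read bits, which gives the 4711 mode shown in the Slackware listing. The function names are made up for this example, and leaving the owner's read bit in place is an assumption taken from that listing.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: only group/other read bits are cleared (owner read is kept),
# which matches the -rws--x--x modes in the Slackware listing.

# Print every setuid regular file under $1 that group or other can read.
list_setuid_readable() {
    # -xdev            stay on the starting filesystem (skips /proc, NFS, ...)
    # -perm -4000      setuid bit is set
    # -perm -040/-004  group-read or other-read is set
    find "$1" -xdev -type f -perm -4000 \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null
}

# Dry run by default: show what would change.
# With --apply as $2: clear group/other read and show the resulting mode.
harden_setuid_readable() {
    list_setuid_readable "$1" | while IFS= read -r f; do
        if [ "${2:-}" = "--apply" ]; then
            # Symbolic mode leaves the setuid and execute bits untouched.
            if chmod go-r "$f"; then
                printf 'fixed:  '
            else
                printf 'FAILED: '
            fi
        else
            printf 'would fix: '
        fi
        ls -ld "$f"
    done
}

# Run directly as: sh script.sh /usr/bin [--apply]
if [ "$#" -gt 0 ]; then
    harden_setuid_readable "$@"
fi
```

Package updates can restore the original modes, so the dry run is worth repeating after each update until the kernel fix is installed.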