I can't tell what you guys are talking about. I assume you're talking about a virus or an exploit. It seems that whatever you're talking about is explained in a rando web link in the original interest group email. Just how many of you guys click links in your emails when you're researching security? (I'm kidding, after about four emails, I just looked it up from an independent source. Still not sure if I use algif_aead but I'm the only user on my network, er,... that I know of....)
On Fri, May 1, 2026, 8:12 AM Ted Mittelstaedt <[email protected]> wrote:

> That may work for now however according to:
>
> https://xint.io/blog/copy-fail-linux-distributions
>
> "...The scan also identified other high severity vulnerabilities,
> including another privilege escalation bug. These other bugs are still in
> the responsible disclosure process."
>
> And we know now that from xint's POV responsible disclosure means insert
> a patch then wait 30 days and publish a zero day.
>
> So this isn't going to be the only one of these rodeos. It's just the
> first.
>
> Ted
>
> -----Original Message-----
> From: PLUG <[email protected]> On Behalf Of King Beowulf
> Sent: Friday, May 1, 2026 7:46 AM
> To: [email protected]
> Subject: Re: [PLUG] exploit in the wild
>
> On 4/30/26 17:11, Ted Mittelstaedt wrote:
> > I can confirm that the latest apt-get update to Ubuntu 24.04 as of a few
> > minutes ago is disabling the aead module.
> >
> > For an un-updated system, running python3 copy_fail_exp.py gets you a
> > root shell. For an updated system it gets an error. For Ubuntu 26.04 it
> > merely asks for the root password.
> >
> > Ted
> >
>
> or run
>
> find / * -perm -4004 -type f -exec ls -ld {} \; > setuid.txt
>
> and remove 'r' flag from user, user group, and other group.
>
> On Slackware, most setuid root utilities are not user readable.
>
> # ls -l /usr/bin/sudo
> -rws--x--x 1 root root 289800 Jul 26 2025 /usr/bin/sudo*
> # ls -l /bin/su
> -rws--x--x 1 root root 59552 Feb 13 2021 /bin/su*
>
> There are a few that are, unfortunately.
>
> This will mitigate the exploit until patched.
>
> -Ed
