Forwarded from 咕 Billchan 咕 🐱 抹茶芭菲批发中心 (billchenchina 🏳️⚧️ | 缩缩)
Dirty Frag: Universal Linux LPE
和 Copy Fail 类似,绝大多数发行版可一键提权
禁用 esp4、esp6、rxrpc 可以缓解
https://dirtyfrag.io/
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
https://lore.kernel.org/all/afKV2zGR6rrelPC7@v4bel/
exp: https://github.com/V4bel/dirtyfrag/blob/master/exp.c
和 Copy Fail 类似,绝大多数发行版可一键提权
禁用 esp4、esp6、rxrpc 可以缓解
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
https://dirtyfrag.io/
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
https://lore.kernel.org/all/afKV2zGR6rrelPC7@v4bel/
exp: https://github.com/V4bel/dirtyfrag/blob/master/exp.c
CVE-2026-42945 NGINX Rift
建议用户尽快更新至 1.30.1 / 1.31.0 版本
Xref: https://my.f5.com/manage/s/article/K000161019
Nginx 被发现一个存在18年的内存损坏漏洞,可导致远程代码执行,利用门槛低
漏洞存在于每个通用发行版都会包含的rewrite模块 ngx_http_rewrite_module ,影响开原版本Nginx 0.6.27至最近的1.30.0版本,在计算目标缓冲区大小时,使用的是原始字节长度,但在实际写入时,却进行了 URL 转义( + , % , & 等字符会扩展为 3 倍长度),溢出长度可控导致堆喷射
建议用户尽快更新至 1.30.1 / 1.31.0 版本
Xref: https://my.f5.com/manage/s/article/K000161019
F5
NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the "rewrite" directive with a query string is followed (in the same location) by the "if" or "set" directive…
😱2
Forwarded from 🐱MiaoTony's Box | 困困困 zzz (MiaoTony 🐱)
#乐子 #DN42 #LLM
AI Agent 试图扫描 DN42 时把主人搞破产了
一个 AI Agent 试图加入 DN42 爱好者网络来执行网络扫描,在 AWS 上花了 $6531.30,把它的主人搞破产了。
https://lantian.pub/article/fun/ai-agent-bankrupted-their-operator-scan-dn42lantian.lantian/
大家一起来欣赏乐子(
AI Agent 试图扫描 DN42 时把主人搞破产了
一个 AI Agent 试图加入 DN42 爱好者网络来执行网络扫描,在 AWS 上花了 $6531.30,把它的主人搞破产了。
https://lantian.pub/article/fun/ai-agent-bankrupted-their-operator-scan-dn42lantian.lantian/
大家一起来欣赏乐子(
Lan Tian @ Blog
AI Agent 试图扫描 DN42 时把主人搞破产了 - Lan Tian @ Blog
😁3❤1🥰1
Forwarded from bupt.moe
#security
Pintheft LPE
Linux RDS(Reliable Datagram Sockets) 模块存在重复释放问题导致攻击者可以利用 io_uring 模块去覆写具有 suid 的 Page cache 从而实现LPE。
缓解办法:拉黑
https://github.com/v12-security/pocs/tree/main/pintheft
Pintheft LPE
Linux RDS(Reliable Datagram Sockets) 模块存在重复释放问题导致攻击者可以利用 io_uring 模块去覆写具有 suid 的 Page cache 从而实现LPE。
缓解办法:拉黑
rds_tcp rds 模块# rmmod rds_tcp rds
# printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf
https://github.com/v12-security/pocs/tree/main/pintheft
❤1
Forwarded from 南宫雪珊
悲报,View 死了
TextView、Fragment 、RecyclerView、ConstraintLayout、Navigation、Preference、ViewPager 等等都死了
https://developer.android.com/develop/ui/compose/first
TextView、Fragment 、RecyclerView、ConstraintLayout、Navigation、Preference、ViewPager 等等都死了
https://developer.android.com/develop/ui/compose/first
😭10❤1
Forwarded from 羽衣
GPT-5.5 xhigh + codex 还是很好用的,它可以实现不停机的情况下自主 ssh 到 PVE 母机上给自己所在的 VM 调大 disk 并修改分区表。
Prompt: The VM is running out of disk. Try to make it's disk bigger. To connect to the PVE host machine: ssh root@[REDACTED], there is ssh-agent so you can connect.
然后一路 y 即可。
Worked for 11m 51s
Token usage: total=150,803 input=126,955 (+ 697,728 cached) output=23,848 (reasoning 12,828)
Prompt: The VM is running out of disk. Try to make it's disk bigger. To connect to the PVE host machine: ssh root@[REDACTED], there is ssh-agent so you can connect.
Worked for 11m 51s
Token usage: total=150,803 input=126,955 (+ 697,728 cached) output=23,848 (reasoning 12,828)
😱8