| jeffv via plug on 18 Mar 2026 06:25:19 -0700 |
| [PLUG] AppArmor telnetd RCE |
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html

"This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles," the Qualys Threat Research Unit (TRU) said. "While the exploit requires a specific time-based window (10–30 days), the resulting impact is a complete compromise of the host system."

Unauthenticated Root RCE via Port 23
https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html

The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler that results in a buffer overflow, ultimately paving the way for code execution.

Ubuntu AppArmor Important Kernel Profile Manipulation Risk USN-8098-1
https://linuxsecurity.com/news/server-security/verify-apparmor-is-working

This isn’t a bypass in the traditional sense. It’s profile manipulation at the kernel level. In certain scenarios, an unprivileged user can alter loaded rules without triggering alerts. Monitoring still reports “Enforcing,” but the kernel is no longer running the policy you have on disk.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
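
The telnetd item in the message above describes an out-of-bounds write in the LINEMODE SLC suboption handler. As an added example (not part of the original message and not telnetd's code), here is a bounds-checked parser for SLC triplets in the RFC 1184 layout, covering the bug class in general rather than the specific CVE; `struct slc_state`, `slc_parse` and `REPLY_MAX` are assumed names and sizes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NSLC           18   /* highest SLC function code defined by RFC 1184 */
#define SLC_NOSUPPORT  0    /* RFC 1184 level: function not supported */
#define REPLY_MAX      96   /* assumed reply capacity for this example */

struct slc_state {
    uint8_t flags[NSLC + 1];   /* indexed by function code, slot 0 unused */
    uint8_t value[NSLC + 1];
    uint8_t reply[REPLY_MAX];  /* queued "not supported" triplets */
    size_t  reply_len;
};

/* Parse the (function, flags, value) triplets of one SLC suboption payload,
 * IAC bytes already unescaped. Returns the number of triplets stored, or -1
 * if the payload is truncated or the reply buffer would overflow. */
int slc_parse(struct slc_state *st, const uint8_t *p, size_t len)
{
    int stored = 0;
    if (len % 3 != 0) return -1;           /* trailing partial triplet */
    for (size_t i = 0; i < len; i += 3) {
        uint8_t func = p[i], flags = p[i + 1], value = p[i + 2];
        if (func == 0) continue;           /* special request form, not handled here */
        if (func <= NSLC) {                /* peer-controlled index: range-check it */
            st->flags[func] = flags;
            st->value[func] = value;
            stored++;
            continue;
        }
        if (st->reply_len + 3 > sizeof st->reply)  /* check before every append */
            return -1;
        st->reply[st->reply_len++] = func;
        st->reply[st->reply_len++] = SLC_NOSUPPORT;
        st->reply[st->reply_len++] = 0;
    }
    return stored;
}

int main(void)
{
    static const uint8_t sample[] = { 3, 2, 0x03, 10, 2, 0x7f, 200, 2, 0x41 }; /* constructed */
    struct slc_state st = {0};
    int n = slc_parse(&st, sample, sizeof sample);
    printf("stored=%d reply_len=%zu\n", n, st.reply_len);
    return 0;
}
```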