Blahaj.zone experienced a security breach and is handling it to properly reduce the risk of harm to their users. the current eta for their reture is in about 7 hours.

you are viewing a single comment's thread
view the rest of the comments

[–] sylver_dragon@lemmy.world 29 points 8 hours ago (2 children)

Then they transfered a file to /tmp/exp which was linux kernel CVE-2026-43500, nicknamed ‘Dirty Frag’, an RxRPC local privilege escalation. I had not patched these internal servers that nobody should have access to against this.

Lessons Learned #1:
Install your patches.
"But I have a firewall!"
That is not a sufficient control.
Install.
Your.
Fucking.
Patches!

[–] moonpiedumplings@programming.dev 10 points 6 hours ago

"Just patch" is advice for a windows administrator, where updates break everything so you have to sit and baby them and apply them manually.

On Linux, there are ways to enable automatic security updates, including automatic reboots, so you can safely receive the mitigations your distro provides. That way, you don't have to worry about forgetting to patch (until the distro release becomes unmaintained, at least).

Now, dirty frag was a zero day, meaning that it was released and probably in the wild before a mitigation was pushed out to handle it. So you did need to apply an actual configuration patch... unless you had some form of kernel based isolation, which I mention as #2 of my other comment in this thread: https://programming.dev/post/52129409/24414213

[–] frongt@lemmy.zip 2 points 8 hours ago

"Should" is a four-letter word in fields like safety and security.