This looks like an extraordinary find at first glance.
Does this mean you can go from a basic web shell from a shared hosting account to root? I can see how that could wreak havoc really quickly.
This looks like an extraordinary find at first glance.
Does this mean you can go from a basic web shell from a shared hosting account to root? I can see how that could wreak havoc really quickly.
Yes I would imagine lots of those type of services would be vulnerable if they hadn't updated to the latest kernel versions.
As of this comment, Debian Stable ("Trixie", though I hate codenames) doesn't have a fix in place and remains vulnerable, or at least their CVE tracker shows it as such:
https://security-tracker.debian.org/tracker/CVE-2026-31431
"Debian Stable ("Trixie", though I hate codenames)"
You can also call it Debian 13.
I choose not to call it Debian 13 because that carries less context than Stable/Testing/sid. I'd rather not require the user to maintain that extra metnal mapping.
Anyone who knows anything about this subject immediately understands what is connoted by "Debian Stable". I run Trixie on most of my personal boxes and I had no idea what version number it is, nor do I particularly care.
> I run Trixie on most of my personal boxes and I had no idea what version number it is
It's not that hard to find though:
13.4 since 3/14