[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How do I disclose a vulnerability?
|
From: |
Sergey Bugaev |
|
Subject: |
Re: How do I disclose a vulnerability? |
|
Date: |
Fri, 14 May 2021 19:33:38 +0300 |
On Fri, May 14, 2021 at 4:30 PM Samuel Thibault <samuel.thibault@gnu.org> wrote:
> We don't have anything set up for disclosures, you can drop me an e-mail
> (ciphered if you can).
OK, I'll prepare a write-up and send it to you. And I will attempt to
use GPG for it.
I asked about this on the Fediverse; and got (among other replies)
this small guide [0] which sounds like a good plan of action. What do
you think?
Oh, and you would not believe this, but in the past couple of hours I
have discovered *another* vulnerability, unrelated to the first one;
it's even easier to exploit and also gives you root:
sergey@sergey-hurd-box:~/hax2$ ./hax2
Got root auth port :)
root@sergey-hurd-box:~/hax2# id
uid=0(root) gid=0(root) groups=0(root)
root@sergey-hurd-box:~/hax2#
Sergey
[0]: https://functional.cafe/@minoru/106234136976353911