Just for information
BR
A patch has been submitted by Arne for version 6.1.37 which has the fix for this
However worth bearing in mind that the likelihood of an exploitation in IPFire is low.
- An unprivileged user must have been created in IPFire and the attacker must have aquired those user access rights. The exploit allows the attacker to escalate their privileges. If there is only the root user (with login access) then there is no privilege to be escalated.
- The unprivileged user must have access to the command line via a terminal.
3.The unprivileged user must be able to execute the exploit with precise timing and have a deep understanding of the kernels inner workings.
The above is my understanding from the above articles.
5 Likes