• @[email protected]
    link
    fedilink
    English
    11 month ago

    I’ve been using Linux since 2005, and I’ve heard all sorts of stories about Linux having “security problems”, and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.
    The only exception I can recall is the zx util compression tool, which was detected before it was rolled out.

    Zero day vulnerabilities have been non existent for 20 years to my knowledge.

    • Buelldozer
      link
      fedilink
      English
      1
      edit-2
      1 month ago

      I’ve been using Linux since 2005

      Okay, so as a n00b you can be somewhat forgiven. As someone who started with Slack in 1997 I don’t have that excuse.

      …and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.

      Since when did chaining vulnerabilities make something not a problem? Are you claiming that the CUPS vulnerability announced in late September isn’t an issue simply because it takes multiple steps?

      The only exception I can recall is the zx util compression tool…

      I don’t mean to be an ass but were you asleep December 2021 through January 2022? Log4Shell was a 10 of 10 critical vulnerability!

      What about CVE-2022-47939 from December 2022?

      I can keep going if needed but I think my point is made. The vulnerabilities, even true kernel level stuff, are out there.