Multiple Linux distros hit by major 'CIFSwitch' flaw that gives attackers root access

  • Researcher Asim Viladi Oglu Manizada disclosed CIFSwitch, a Linux privilege‑escalation flaw lingering for nearly 20 years
  • Affects major distros including Mint, CentOS Stream 9, Rocky Linux 9, AlmaLinux 9, Kali Linux, SLES 15 SP7
  • Mitigation includes applying updates, disabling unnecessary file‑sharing components, and restricting exploitable features

Security researchers are warning about a new vulnerability in certain Linux distributions that can be abused to elevate regular accounts to system administrator privileges.

The vulnerability was discovered by researcher Asim Viladi Oglu Manizada, who named it “CIFSwitch”. It affects a feature that allows Linux computers to connect to shared files and folders on other devices across a network. He also published a proof-of-concept (PoC) for the bug.

Manizada says the vulnerability lingered in Linux distributions for almost two decades, and stressed that it can be exploited under certain conditions to elevate a user’s privileges from a standard account...

Copyright of this story solely belongs to techradar.com.