I am just going to alias sudo to the exploit script.

On Thu, Apr 30, 2026 at 4:39 PM Ted Mittelstaedt <[email protected]> wrote:

> Ubuntu's servers are now offline with a 503 Service Unavailable - probably as a result of
>
> https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
>
> Maybe they will come back by the time you read this but as of 4:38PM PST they are offline.
>
> Fortunately the Internet Archive crawled the page, it's here:
>
> https://web.archive.org/web/20260430191621/https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
>
> TLDR: No recompiled kernel available at this time, they are "fixing" it by the same fix - disabling the kernel module - that's already been discussed.
>
> Ted
>
> -----Original Message-----
> From: PLUG <[email protected]> On Behalf Of Ted Mittelstaedt
> Sent: Thursday, April 30, 2026 4:02 PM
> To: 'Portland Linux/Unix Group' <[email protected]>
> Subject: Re: [PLUG] exploit in the wild
>
> I don't believe in luck. If it wasn't advanced, they waited to inform the main kernel devs until they were close enough to the Ubuntu 26 release yet far enough out that they could just slip in the patch and it would be included in 26. It's just way too "coincidental" and "lucky" that it happened that way since Ubuntu is the largest distro.
>
> The second this patch was slipped into the kernel the approving developer would have immediately recognized the significance and known there would be a complete shit show once it was announced. I assume that was Linus himself and you better believe he would have informed a few people at Canonical and RedHat and a few other places via his little secret back channels. Canonical had a month to release a kernel patch for 24.04 and 22.04 but they obviously waited so as to not tip off anyone. Why they haven't immediately released kernel updates for those distros is because they are not above using Zero days to push people into upgrading. I'm also betting an update will quietly appear for Pro before it appears for the community stuff.
>
> These "security researchers" absolutely monetize these things. The particular one who found this will get his invite to the next White Hat conference and will go and make his presentation, then someone, like Oracle or RedHat or someone like that, will slap down a $500k yearly employment contract in front of him, if that already hasn't happened.
>
> If he had waited a few weeks then it would have been too late for Ubuntu to ship and it would have been egg on Canonical's face and they would have been pissed - and he would certainly not have gotten any employment contract from them. You don't deliberately make enemies of the largest Linux distro unless you are really stupid.
>
> The business of breaking into computers is a dirty business. You and I both do this but I like to think that we are the whitest of the white knights since we are merely taking control of our own stuff away from networking companies who have no business with their fingers in our routers. And we don't do this to stuff we don't own nor is anything we publish usable for malcontents to do this to other people. But we can still smell the stink of it even as removed as we are.
>
> There's going to be a lot of people hurt by this one. And claiming that they deserved it because they weren't updating is victim-blaming no better than blaming the woman who got raped for wearing a short skirt.
>
> Spin it how you like but this entire thing stinks. And incidentally the Canonical servers right now are melting down as I'm observing by running apt-update...very very slow right now.
>
> Ted
>
> -----Original Message-----
> From: PLUG <[email protected]> On Behalf Of Russell Senior
> Sent: Thursday, April 30, 2026 7:13 AM
> To: [email protected]
> Subject: Re: [PLUG] exploit in the wild
>
> On 4/30/26 06:42, Ted Mittelstaedt wrote:
> > Note that Ubuntu 26.04 was released on the 23rd of April, and it's NOT vulnerable. I suspect that there is a connection here and that the 26.04 release date was Advanced.
>
> I don't think the Ubuntu 26.04 release schedule was advanced. The release date is consistent with past releases, see here:
>
> https://documentation.ubuntu.com/project/release-team/list-of-releases/
>
> The reason it isn't vulnerable is that the fix got into v7.0 and (I'm not sure of the Ubuntu policy, but guessing) because v7.0 was released before Ubuntu 26.04 was released, they went with it.
>
> The thing that kind of surprises me is that the major distributions didn't have the fix in by the disclosure day. ArchLinux was also not vulnerable, if you update reasonably regularly, because they stay pretty close to upstream stable kernels and so had the fix as a matter of course. Debian and Ubuntu (and Fedora?) seem to have been caught a bit flat footed.
>
> The thing I haven't seen reported yet is: "are non-x86 architectures also affected?" You would guess so, since this was apparently a logical error, but the published python script exploit doesn't work on them to test, and I haven't seen anyone say. An exploit tuned for ARM might.
>
> --
> Russell Senior
> [email protected]
