US CISA adds ‘insane’ Linux Copy Fail flaw to watch list
Malicious actors with code execution capability may gain root access on Linux systems using as few as 10 lines of Python, according to a researcher.
A newly discovered vulnerability could affect most open-source major Linux distributions released since 2017, according to security researchers.
The flaw, titled “Copy Fail,” caught the attention of the US Cybersecurity and Infrastructure Agency (CISA), who added it to the Known Exploited Vulnerabilities (KEV) catalog on Saturday, warning it poses “significant risks to the federal enterprise.”
The vulnerability can allow attackers to gain root access across a wide range of Linux systems using a 732-byte Python script, though it requires prior code execution on the system to escalate privileges.
