• Buffalox@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    3 months ago

    I’ve been using Linux since 2005, and I’ve heard all sorts of stories about Linux having “security problems”, and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.
    The only exception I can recall is the zx util compression tool, which was detected before it was rolled out.

    Zero day vulnerabilities have been non existent for 20 years to my knowledge.

    • Buelldozer@lemmy.today
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 months ago

      I’ve been using Linux since 2005

      Okay, so as a n00b you can be somewhat forgiven. As someone who started with Slack in 1997 I don’t have that excuse.

      …and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.

      Since when did chaining vulnerabilities make something not a problem? Are you claiming that the CUPS vulnerability announced in late September isn’t an issue simply because it takes multiple steps?

      The only exception I can recall is the zx util compression tool…

      I don’t mean to be an ass but were you asleep December 2021 through January 2022? Log4Shell was a 10 of 10 critical vulnerability!

      What about CVE-2022-47939 from December 2022?

      I can keep going if needed but I think my point is made. The vulnerabilities, even true kernel level stuff, are out there.