@GossiTheDog @iaintshootinmis we’re told there’s some simple mitigations that will be included in the announcement on the 6th.
Probably worth scheduling someone to watch for those, with stakeholder contact details and access to whatever mgt tooling you use for deploying changes/running commands across the fleet.
For some companies that means scheduling a change/outage window, so there might be some prep required for that.

I had several people I know tell me they weren't doing anything about #EvilSocket 's potential disclosure because it was inactionable.

I wish I were at a keyboard right now. But of course its actionable! In the military we often received warning orders and we always followed our troop leading procedures. Heres a break down of those and how they apply to your role in #InfoSec A 🧵.

Who is paying attention to #EvilSocket on X and wheres the conversation happening? I'd like to follow whoever's mastodon is talking about it.

If no one is, then there is a #Linux unauth #RCE being disclosed to openwall on the 30th.

Appears to affect Linux and #BSD with a 9.9 CVSS score.

From reading X thread seems to be not kernel or user space. Assuming protocol implementation?

https://x.com/evilsocket/status/1838169889330135132