Shawn Smith, director of infrastructure at application security vendor nVisium, told eSecurity Planet that while the vulnerabilities are serious, the silver lining is that both require an attacker to be a local authorized user.

“On its own, it’s not going to give a remote attacker access to anything, but if combined with other attacks, it’s possible an attacker could leverage a user account from somewhere else and pivot into this to get root access,” Smith said. “Linux security is a fairly broad topic since there are so many different forks that fall under the Linux ecosystem, but generally it’s a pretty secure system. Because it is open source, anyone can perform code audits and many issues are caught before they are merged into main, but occasionally bugs like this do slip through and can go unnoticed for months or even years.”
