A bug lurking for 12 years gives attackers root on every major Linux distro

The "good" part is that this is a local privilege escalation vulnerability and not remotely exploitable. Most Linux use cases these days aren't the same as old UNIX and don't have multiple daily active users on the hosts themselves. They are mostly web and application servers where people are only accessing a high level service rather than the underlying operating system. An attacker would have to get local unprivileged access first, which reduces risk overall. The Qualys article does mention insider threat, which, despite what the DoD likes to think, is not as prevalent a threat vector as others.

There have been a non-trivial number of these long-lived vulnerabilities in Linux lately, though. That's a bit troubling. However, it still doesn't hold a candle to the number of vulns being exploited in Windows.

PO1 Tony Holland One of My Co-Workers was talking about this Earlier this Week! Thanks for Letting Us Know.