16 comments

[ 0.18 ms ] story [ 34.3 ms ] thread
> IV. Workaround

> No workaround is available.

Oh dear.

I really am starting to think that the level of technical understanding on HN is so low that when readers see an exploit like this, they imagine basically the cult classic movie "Hackers" in their heads where some guy hacks into any machine of their choosing.
IV. Workaround

Accept that everything is broken and terrible and yet somehow find a way to keep a sense of humor and smile about it.

Linux is on their second and FreeBSD is on their first. How many is Windows on?
This is from April 28th, it was patched in 15.0R-p7.
(comment deleted)
Nice to randomly encounter our own work here.

Check out our blog post for a fun walkthrough: https://blog.calif.io/p/cve-2026-7270-how-i-get-root-on-free...

AI-generated working exploit, write-up and prompts: https://github.com/califio/publications/tree/main/MADBugs/fr...

Your bot's blog is above average bot level.

I am sure you have spend lots of time to make your bot works that great.

"our" is a stretch. Not only because you're giving an algorithm personhood, but because you didn't do any of the real work. So you could instead say that it's "nice to randomly encounter what I prompted an instance of [brand of artificially intelligent dowsing rod] to do". There's your chance to claim ownership; you can plainly state that you're the person who pressed the button.
Calif is just killing it these past couple months. Reminder that Calif is Thai Duong's new firm.
Oof that's a pretty big one, I didn't realise but I had already updated anyway.

  memmove(args->begin_argv + extend, args->begin_argv + consume,
      args->endp - args->begin_argv + consume);   // ← bug
C code like this is why we can't have nice things. Arithmetic operation in the arguments of a dangerous function call with no explicit bounds check.

    -     args->endp - args->begin_argv + consume);
    +     args->endp - (args->begin_argv + consume));
tbh I've considered simply banning math-operator-precedence in projects I work on, and requiring all mixed-operator code to use parenthesis or split to multiple statements. I do that myself, at least.

I've seen so many mistakes from it, and seen people spend so much pointless and avoidable time deciphering and verifying it, it really doesn't seem worth it (in most code) for the extremely minor character savings.

A CVE for exeCVE()