Avid Seeker

Security

Possible attack vectors on Linux

https://security.archlinux.org/ includes recent CVE’s related to official packages. See ArchWiki for general security recommendations.

This post is about practical real-life examples of previous security vulnerabilities that Linux has been affected with. The CVE’s listed in ASA are of course useful to know about, but I want to see how they can be leveraged by an attacker. Here are some examples, and what I learned from them:

I excluded vulnerabilities that are related to servers or hardware like Spectre, heartbleed and downfall. The solution for these is simply keeping your system updated, using firewall, sandboxing applications, and the rest of the generic recommendations.

Sandboxing