#tootroot

Ryan Baumann<p>Here's an article from <span class="h-card"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> explaining the severity of the original CVE-2023-36460 (dubbed <a href="https://digipres.club/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> by <span class="h-card"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GossiTheDog</span></a></span>): <a href="https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/</span></a></p>
FraYoshi the 2nd<p>oh... there's <span class="h-card"><a href="https://mstdn.social/@stux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>stux</span></a></span> on the video of Mentally Outlaw about <a href="https://mstdn.social/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a>!<br><a href="https://youtu.be/3KCyhltnz7w?t=721" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/3KCyhltnz7w?t=721</span><span class="invisible"></span></a></p>
GMate8<p><span class="h-card" translate="no"><a href="https://mas.to/@iamdtms" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>iamdtms</span></a></span> good they found it! By the way <span class="h-card" translate="no"><a href="https://mozilla.social/@mozilla" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mozilla</span></a></span> hired a pentester group and they found the <a href="https://mastodon.online/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> vulnerability in Mastodon</p>
Quinn Blueheart 🔞✍️🔥<p><span class="h-card"><a href="https://smutlandia.com/@monster_mistress" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monster_mistress</span></a></span> are you on this <a href="https://smutlandia.com/tags/tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootroot</span></a> fix already? Thanks for all you do! 💙💙💙</p><p><a href="https://glitterkitten.co.uk/@doot/110705662211310545" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">glitterkitten.co.uk/@doot/1107</span><span class="invisible">05662211310545</span></a></p>
Seth<p>Even exploits on <a href="https://social.sethmb.xyz/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> sound cute. Luckily, <a href="https://social.sethmb.xyz/tags/tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootroot</span></a> is now fixed ☺️</p>
Chris McDonough ✅<p>I run a Mastodon instance on Digital Ocean. Upgrading a 4.0.X instance there was pretty darn easy.</p><p><a href="https://chattingdarkly.org/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> </p><p><a href="https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/</span></a></p>
mrp<p><span class="h-card"><a href="https://climatejustice.social/@PaulaToThePeople" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>PaulaToThePeople</span></a></span> have you updated your mastodon servers to patch <a href="https://climatejustice.rocks/tags/tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootroot</span></a> ? <a href="https://github.com/mastodon/mastodon/security" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/mastodon/mastodon/s</span><span class="invisible">ecurity</span></a></p>
MOULE | :CTRL: Album Out Now!<p>I hope every <a href="https://mastodon.moule.world/tags/MastoAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MastoAdmin</span></a> has updated their <a href="https://mastodon.moule.world/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> <a href="https://mastodon.moule.world/tags/Instance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Instance</span></a> to the latest version by now...the <a href="https://mastodon.moule.world/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> <a href="https://mastodon.moule.world/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> is not a joke! <a href="https://mastodon.moule.world/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.moule.world/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.moule.world/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/</span></a></p>
DarkChocobo :gaming_magoscuro:<p>The folks at Mozilla Foundation have done pentesting on their instance and discovered a new vulnerability affecting all of Mastodon, which consists of attacking the path of attachments (photos, GIFs, videos, etc.).</p><p>Is our instance up to date, <span class="h-card"><a href="https://tkz.one/@trankten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>trankten</span></a></span>? This is very new. And you may be interested in <a href="https://tkz.one/tags/Tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tootroot</span></a></p><p><a href="https://www.youtube.com/watch?v=3KCyhltnz7w" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=3KCyhltnz7</span><span class="invisible">w</span></a></p>
stl1988<p><span class="h-card"><a href="https://layer8.space/@Sammy8806" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Sammy8806</span></a></span> Have you already updated layer8.space to 4.1.3? This update fixes a critical security vulnerability called <a href="https://layer8.space/tags/Tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tootroot</span></a>.</p>
ben<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jerry</span></a></span> out of curiosity, since you have experience with both mastodon and infosec, what’s your take on the recent <a href="https://infosec.exchange/tags/tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootroot</span></a> vulnerability? I’m sure you’re on top of it with infosec.exchange but what does this mean for other admins who possibly don’t patch?</p>
Evan 🫠 🔙 MAGFest 🦔💨🥏<p><span class="h-card"><a href="https://gamedev.lgbt/@bram" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bram</span></a></span> idk how to check as a user but can you check if this instance is updated to 4.1.3 or later to prevent <a href="https://gamedev.lgbt/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> ?</p>
zbecker<p><a href="https://mastodon.zbecker.cc/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> <a href="https://mastodon.zbecker.cc/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fediverse</span></a> <a href="https://mastodon.zbecker.cc/tags/mastoadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastoadmin</span></a></p><p>Make sure your server is on version 4.1.3+</p><p>Critical CVE Found <a href="https://mastodon.zbecker.cc/tags/cve202336459" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve202336459</span></a> also known as <a href="https://mastodon.zbecker.cc/tags/tootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootRoot</span></a> </p><p><a href="https://www.youtube.com/watch?v=3KCyhltnz7w" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=3KCyhltnz7</span><span class="invisible">w</span></a></p>
HyreinDrawStuff<p>Has the @admin of Mastodon.art patched out the tootroot bug yet?<br><a href="https://mastodon.art/tags/tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootroot</span></a></p>
rina :v_trans:<p><span class="h-card" translate="no"><a href="https://tech.lgbt/@mods" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mods</span></a></span> please deal with <a href="https://tech.lgbt/tags/tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tootroot</span></a> if you haven't !!</p>
🌈 BarbaPulpe 😇 ᴹᵃˢᵗᵒᵈᵒⁿ<p>Regarding the latest security vulnerabilities: let's act together for a safe fediverse!</p><p>The latest Mastodon update will demonstrate the challenges of a federated architecture with a set of administrators spread around the world, with varying skills in server administration and mostly acting in their spare time.</p><p>And yet, there are five vulnerabilities, the most critical of which has a CVSS score of 9.9 out of 10 (and the next one 9.3), which makes it a critical and easy-to-exploit flaw. Sending a toot crafted for this purpose can be enough to plant arbitrary code on the target server, and thus to take control of it or capture all the information stored there (including the IPs and email addresses of its users).</p><p>Easy to fix: the administrator has to update their server (to at least 4.1.3, or 4.0.5 or 3.5.9 if on older branches). Fortunately this will in principle only affect their own server, but who knows what an attacker could do from a compromised server federated with the rest of the fediverse? Impersonate someone else, for example?</p><p>If you are on an up-to-date server, your data is protected. If that is not the case, contact your administrator so that they perform this update as soon as possible. It would not be responsible to go another week without fixing this problem, especially since the solution is available and easy to apply, and the vulnerability is now known and exploitable. Every administrator has probably received an email warning them directly (that is my case and that of many others I know), so... time to get it done!</p><p><a href="https://gayfr.social/tags/MastoAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MastoAdmin</span></a> <a href="https://gayfr.social/tags/MastodonAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MastodonAdmin</span></a> <a href="https://gayfr.social/tags/Admin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Admin</span></a> <a href="https://gayfr.social/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a></p><p><a href="https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/</span></a></p>
Genders: ♾️, 🟪⬛🟩; Soni L.<p>it'd be funny if ppl started using <a href="https://chaos.social/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> to patch TootRoot.</p>
Matt Willemsen<p>Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking<br>Most critical of the bugs allowed attackers to root federated instances.<br><a href="https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/</span></a> <a href="https://fedibird.com/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> <a href="https://fedibird.com/tags/fixes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fixes</span></a> <a href="https://fedibird.com/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a> <a href="https://fedibird.com/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://fedibird.com/tags/NodeHijacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeHijacking</span></a> <br> <a href="https://fedibird.com/tags/attackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>attackers</span></a> <a href="https://fedibird.com/tags/root" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>root</span></a> <a href="https://fedibird.com/tags/FederatedInstances" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FederatedInstances</span></a>.</p>
Wuzzy<p>And the prize for the funniest name of a security vulnerability goes to: Tootroot! 🎉 <br>(CVE-2023-36460)</p><p><a href="https://cyberplace.social/tags/Tootroot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tootroot</span></a> <a href="https://cyberplace.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://cyberplace.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> <a href="https://cyberplace.social/tags/CVE202336460" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE202336460</span></a></p>
Wildy :verified_paw:<p>Updated my <a href="https://socialpa.ws/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> server to 4.1.4.</p><p>Dear <a href="https://socialpa.ws/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> admins, there was a new <a href="https://socialpa.ws/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> vulnerability discovered called <a href="https://socialpa.ws/tags/TootRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TootRoot</span></a>, please update your servers!</p>