Can you remember the last remote Linux RCE that wasn't web app related (e.g. Struts, Wordpress, Drupal, etc)? Yeah, me neither.
3
3
4
CVE-2016-7117?
1
Replying to @attritionorg
Probably right on that one. But there's too much low-hanging fruit in the web app space for people to look for OS vulns.

May 1, 2017 · 3:40 AM UTC

1
Replying to @hal_pomeranz
yes and no. you qualified linux remote. linux local DoS is quite prevalent. so people definitely looking.
1
And priv esc too, but I'm pondering initial compromise vectors.