You must log in or register to comment.
It’s shit like this that makes me convinced that governments can easily hack into pretty much every system
Well only if they know about it before it gets patched…
That’s why there is a huge market for 0-day exploits.
the in depth technical details
TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context.
Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless
They have named this vulnerability “regreSSHion”, since it represents the re-emergence of a bug that was previously patched in 2006
That’s a great name
Agreed, but I had to disable autocorrect to type it on my phone.
