Blaze (he/him)@lemmy.zip to

Linux@programming.dev · 1 year ago

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

www.computing.co.uk

6

1

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

www.computing.co.uk

Blaze (he/him)@lemmy.zip to

Linux@programming.dev · 1 year ago

6

Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.

Chat

lurklurk@lemmy.world
link
fedilink
arrow-up
1
arrow-down
1·
1 year ago
the in depth technical details

TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context.

Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless

Linux@programming.dev

linux@programming.dev

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@programming.dev

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

422 users / day
1.58K users / week
4.4K users / month
9.29K users / 6 months
1 local subscriber
8.39K subscribers
1.86K Posts
13.1K Comments
Modlog