Blaze@lemmy.zip to

Linux@programming.dev · 5 months ago

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

www.computing.co.uk

1

0

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

www.computing.co.uk

Blaze@lemmy.zip to

Linux@programming.dev · 5 months ago

1

Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.

You must log in or register to comment.

Chat

lurklurk@lemmy.world
link
fedilink
arrow-up
0
arrow-down
1·
5 months ago
the in depth technical details

TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context.

Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless

Linux@programming.dev

linux@programming.dev

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@programming.dev

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

215 users / day
1.32K users / week
2.42K users / month
3.15K users / 6 months
1 local subscriber
5.32K subscribers
193 Posts
1.34K Comments
Modlog