245
'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems (www.computing.co.uk)
submitted 2 months ago by Blaze@lemmy.zip to c/linux@programming.dev
39 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] lurklurk@lemmy.world 28 points 2 months ago

the in depth technical details

TL;DR; sigalarm handler calls syslog which isn't safe to call from a signal handler context.

Their example exploit needed about 10k attempts to get a remote shell so it's not fast or quiet, but a neat find regardless

[-] bitfucker@programming.dev 5 points 2 months ago

I can already imagine the log generated will be a hint. We usually automate those anyway as it is closer to (D)DoS too.

this post was submitted on 01 Jul 2024
245 points (98.8% liked)

Linux

4966 readers
204 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev