Blaze (he/him)@lemmy.zip to Linux@programming.dev · 1 year ago'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systemswww.computing.co.ukexternal-linkmessage-square39fedilinkarrow-up1248arrow-down13
arrow-up1245arrow-down1external-link'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systemswww.computing.co.ukBlaze (he/him)@lemmy.zip to Linux@programming.dev · 1 year agomessage-square39fedilink
minus-squarelurklurk@lemmy.worldlinkfedilinkarrow-up28arrow-down1·1 year agothe in depth technical details TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context. Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless
minus-squarebitfucker@programming.devlinkfedilinkarrow-up5·1 year agoI can already imagine the log generated will be a hint. We usually automate those anyway as it is closer to (D)DoS too.
the in depth technical details
TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context.
Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless
I can already imagine the log generated will be a hint. We usually automate those anyway as it is closer to (D)DoS too.