'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
www.computing.co.uk
Researchers at the Qualys Threat Research Unit (TRU) have discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.
the in depth technical details
TL;DR: the SIGALRM handler calls syslog, which isn't safe to call from a signal handler context.
Their example exploit needed about 10k attempts to get a remote shell, so it's not fast or quiet, but a neat find regardless.
I can already imagine the log generated will be a hint. We usually automate those anyway as it is closer to (D)DoS too.
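The bug class named in the first comment above (a SIGALRM handler calling syslog), shown beside the usual fix as an added example; it is not part of the thread and not OpenSSH's code. The function names, the millisecond timer and the log message are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>

static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE (the bug class from the thread), shown for contrast and never
 * installed: syslog() is not async-signal-safe, so calling it from a handler
 * that interrupted code mid-update of shared state can corrupt that state. */
void unsafe_alarm_handler(int sig) {
    (void)sig;
    syslog(LOG_INFO, "grace period exceeded"); /* constructed message */
}

/* SAFE: the handler only stores to a volatile sig_atomic_t flag. */
static void safe_alarm_handler(int sig) { (void)sig; grace_expired = 1; }

/* Arm a one-shot timer of `ms` milliseconds, wait for it, then log from
 * normal context. Returns 1 after expiry, -1 on bad input or setup error. */
int wait_grace_period(long ms) {
    struct sigaction sa;
    struct itimerval it = { .it_value = { .tv_sec = ms / 1000,
                                          .tv_usec = (ms % 1000) * 1000 } };
    sigset_t block, old, wait_mask;
    if (ms <= 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    /* Block SIGALRM until sigsuspend() so the wakeup cannot be lost. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old) != 0) return -1;
    wait_mask = old;
    sigdelset(&wait_mask, SIGALRM);
    grace_expired = 0;
    if (setitimer(ITIMER_REAL, &it, NULL) != 0) {
        sigprocmask(SIG_SETMASK, &old, NULL);
        return -1;
    }
    while (!grace_expired)
        sigsuspend(&wait_mask); /* atomically unblock SIGALRM and sleep */
    sigprocmask(SIG_SETMASK, &old, NULL);
    syslog(LOG_INFO, "grace period exceeded"); /* normal context: safe */
    return 1;
}
```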