Navigation
Recherche
|
Serious vulnerability fixed with OpenSSH 9.8
lundi 1 juillet 2024, 14:53 , par LWN.net
OpenSSH 9.8 has been
released, fixing an ugly vulnerability: Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been examined. There is a configuration workaround for systems that cannot be updated, though it has its own problems. See this Qualys advisory for more details.
https://lwn.net/Articles/980211/
Voir aussi |
56 sources (32 en français)
Date Actuelle
mar. 5 nov. - 11:55 CET
|