MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
systems
Recherche

Serious vulnerability fixed with OpenSSH 9.8

lundi 1 juillet 2024, 14:53 , par LWN.net
OpenSSH 9.8 has been
released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to
be possible but has not been demonstrated at this time. It's likely
that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been
examined.

There is a
configuration workaround for systems that cannot be updated, though it
has its own problems. See this Qualys
advisory for more details.
https://lwn.net/Articles/980211/

Voir aussi

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mar. 5 nov. - 11:55 CET