MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
systems
Recherche

Serious vulnerability fixed with OpenSSH 9.8

lundi 1 juillet 2024, 14:53 , par LWN.net
OpenSSH 9.8 has been
released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to
be possible but has not been demonstrated at this time. It's likely
that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been
examined.

There is a
configuration workaround for systems that cannot be updated, though it
has its own problems. See this Qualys
advisory for more details.
Lire la suite sur LWN.net
https://lwn.net/Articles/980211/

Voir aussi

systems OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable TheRegister11 Jul
openssh “I fixed a 6-year-old .deb installation bug in Ubuntu MATE and Xubuntu” OS News10 Jul
exploitation Strong SLAs critical for vulnerability management BetaNews10 Jul
vulnerability Another OpenSSH remote code execution vulnerability LWN.net 9 Jul
fixed Latest Ghostscript vulnerability haunts experts as the next big breach enabler TheRegister 5 Jul
serious Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk TheRegister 1 Jul
demonstrated TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability TheRegister 5 Jun
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mar. 5 nov. - 11:55 CET