MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
are
Recherche

Another OpenSSH remote code execution vulnerability

mardi 9 juillet 2024, 15:36 , par LWN.net
Alexander 'Solar Designer' Peslyak has disclosed another OpenSSH
vulnerability that can be exploited for remote code execution, but only
on distributions that have applied a patch to add auditing support.
Specifically, RHEL 9 and derivatives are affected, as are
Fedora 36 and 37 (but not later releases).

The main difference from CVE-2024-6387 is that the race condition
and RCE potential are triggered in the privsep child process, which
runs with reduced privileges compared to the parent server process.
So immediate impact is lower. However, there may be differences in
exploitability of these vulnerabilities in a particular scenario,
which could make either one of these a more attractive choice for
an attacker, and if only one of these is fixed or mitigated then
the other becomes more relevant.
Lire la suite sur LWN.net
https://lwn.net/Articles/981287/

Voir aussi

are [$] Restricting execution of scripts — the third approach LWN.net19 Jul
these Maximum-severity Cisco vulnerability allows attackers to change admin passwords TheRegister18 Jul
another Mistral’s new Codestral Mamba to aid longer code generation ComputerWorld17 Jul
vulnerability Mistral’s new Codestral Mamba to aid longer code generation InfoWorld17 Jul
nbsp Theia IDE: Eclipse’s answer to Visual Studio Code InfoWorld17 Jul
remote Navigate your Apple TV more easily with this $24 user-friendly button remote! BoingBoing16 Jul
openssh Grosse fuite de données chez Disney : projets secrets, code, informations privées… 01net16 Jul
execution Nation's Last Morse Code Station Comes Back To Life On Annual 'Night of Nights' In Point Reyes Slashdot16 Jul
code Can’t update Windows due to error code 0x80070643? Here’s what to do PC World15 Jul
one ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu TheRegister15 Jul
only 01net morning : s’y retrouver avec les eSIM et iSIM, appréhender la cryptographie quantique, comprendre quelque chose au code QR des JO 01net15 Jul
process Nasty Spoofing Attack Resurrects Internet Explorer Vulnerability in Windows 10 and 11 Slashdot13 Jul
which Source code: The source of truth for securing the API attack surface  BetaNews13 Jul
are QR code des JO : comment ça marche ? Où l’obtenir ? Quand l’utiliser ? 01net13 Jul
these OpenAI Working On New Reasoning Technology Under Code Name 'Strawberry' Slashdot13 Jul
another OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable TheRegister11 Jul
vulnerability Strong SLAs critical for vulnerability management BetaNews10 Jul
nbsp AMD libère son FidelityFX SDK 1.1 incluant le code source de la technologie FSR 3.1 CowcotLand10 Jul
remote GitHub AI code assistant lawsuit dismissed BoingBoing10 Jul
openssh Coders' Copilot code-copying copyright claims crumble against GitHub, Microsoft TheRegister 9 Jul
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mar. 5 nov. - 07:47 CET