this post was submitted on 01 Jul 2024
245 points (100.0% liked)

Linux

8312 readers
223 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of [email protected] and The GIMP

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
245
'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems (www.computing.co.uk)
submitted 1 year ago by [email protected] to c/[email protected]
39 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 28 points 1 year ago (1 children)

the in depth technical details

TL;DR; sigalarm handler calls syslog which isn't safe to call from a signal handler context.

Their example exploit needed about 10k attempts to get a remote shell so it's not fast or quiet, but a neat find regardless

[โ€“] [email protected] 5 points 1 year ago

I can already imagine the log generated will be a hint. We usually automate those anyway as it is closer to (D)DoS too.