The OpenSSH server has a remote unauthenticated code execution vulnerability.

SOURCES
Mastodon: 44
Bluesky: 7
Reddit: 2
  • Jul 5
    did:plc:i34vxgn34hwh3ocvbjxh7j4k
    regreSSHion: Remote Unauthenticated Code Execution Vulnerability in The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based blog.qualys.com/vulnerabilit...
  • @frontenddogma@mas.to
    RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server, by @jogibharat@x.com (@qualys@x.com):
  • @kaori@cal.vino.blue
    📎What you need to know about regreSSHion: an OpenSSH server remote code execution vulnerability (CVE-2024-6387)
  • Jul 4
    patrickm101.bsky.social
    Oh good, in case the last week doesn’t suck enough. There’s a new (well old and now back again) vulnerability in openssh.
  • @yogthos@mas.to
    A critical vulnerability in OpenSSH versions 8.5p1 to 9.7p1 allows unauthenticated remote code execution as root on Linux systems. The flaw, a regression of a previously fixed issue, arises from a race condition in the signal handler, exploitable due to unsafe function calls in an asynchronous context. OpenSSH 9.8 addresses this, and mitigation involves setting LoginGraceTime to zero, though this might increase susceptibility to denial-of-service attacks. #security