OpenSSH: race condition in sshd allows remote code execution (stackdiary.com)
from tmpod@lemmy.pt to technology@lemmy.ml on 01 Jul 2024 20:10
https://lemmy.pt/post/5733711

A severe vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387), has been discovered by the Qualys Threat Research Unit, potentially exposing

#technology

tmpod@lemmy.pt on 01 Jul 2024 20:11

musl isn’t vulnerable, as per fosstodon.org/@musl/112711796005712271

recapitated@lemmy.world on 01 Jul 2024 20:19

I always use my ssh server for remote code execution.

m88youngling@slrpnk.net on 01 Jul 2024 20:32

technically the truth!

lemmyvore@feddit.nl on 02 Jul 2024 06:14

Last I read about it, it required connecting for 6-7 hours continuously on 32-bit systems, and it’s unknown how long it would take on 64-bit.

tmpod@lemmy.pt on 02 Jul 2024 08:28

Yeah, exactly. Very impracticable.

andrew@radiation.party on 02 Jul 2024 11:16

But, eventually exploitable is still a pretty major concern for anybody who has systems running longer than a few days at a time.

tmpod@lemmy.pt on 02 Jul 2024 11:20

True, an RCE is always a serious thing. Just saying it’s not exactly catastrophic like others have been more so.

whereisk@lemmy.world on 02 Jul 2024 16:05

I can’t imagine any system of influence running an exposed ssh without some further protection from connection abuse like fail2ban.

Midnight1938@reddthat.com on 02 Jul 2024 12:08

Reminds me of the node-ip guy making the repo read-only because of amateur researchers filling up CVEs