MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
systems
Search

Serious vulnerability fixed with OpenSSH 9.8

Monday July 1, 2024. 02:53 PM , from LWN.net
OpenSSH 9.8 has been
released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to
be possible but has not been demonstrated at this time. It's likely
that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been
examined.

There is a
configuration workaround for systems that cannot be updated, though it
has its own problems. See this Qualys
advisory for more details.
Read more at LWN.net
https://lwn.net/Articles/980211/

Related News

systems OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable TheRegisterJul 11
openssh “I fixed a 6-year-old .deb installation bug in Ubuntu MATE and Xubuntu” OS NewsJul 10
exploitation Strong SLAs critical for vulnerability management BetaNewsJul 10
vulnerability Another OpenSSH remote code execution vulnerability LWN.netJul 9
fixed Latest Ghostscript vulnerability haunts experts as the next big breach enabler TheRegisterJul 5
serious Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk TheRegisterJul 1
demonstrated TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability TheRegisterJun 5
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Thu 21 - 17:07 CET