MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
systems
Search

Serious vulnerability fixed with OpenSSH 9.8

Monday July 1, 2024. 02:53 PM , from LWN.net
OpenSSH 9.8 has been
released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to
be possible but has not been demonstrated at this time. It's likely
that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been
examined.

There is a
configuration workaround for systems that cannot be updated, though it
has its own problems. See this Qualys
advisory for more details.
https://lwn.net/Articles/980211/

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Dec, Sun 22 - 11:29 CET