Navigation
Search
|
Serious vulnerability fixed with OpenSSH 9.8
Monday July 1, 2024. 02:53 PM , from LWN.net
OpenSSH 9.8 has been
released, fixing an ugly vulnerability: Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been examined. There is a configuration workaround for systems that cannot be updated, though it has its own problems. See this Qualys advisory for more details.
https://lwn.net/Articles/980211/
Related News |
25 sources
Current Date
Dec, Sun 22 - 11:29 CET
|