MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
are
Search

Another OpenSSH remote code execution vulnerability

Tuesday July 9, 2024. 03:36 PM , from LWN.net
Alexander 'Solar Designer' Peslyak has disclosed another OpenSSH
vulnerability that can be exploited for remote code execution, but only
on distributions that have applied a patch to add auditing support.
Specifically, RHEL 9 and derivatives are affected, as are
Fedora 36 and 37 (but not later releases).

The main difference from CVE-2024-6387 is that the race condition
and RCE potential are triggered in the privsep child process, which
runs with reduced privileges compared to the parent server process.
So immediate impact is lower. However, there may be differences in
exploitability of these vulnerabilities in a particular scenario,
which could make either one of these a more attractive choice for
an attacker, and if only one of these is fixed or mitigated then
the other becomes more relevant.
Read more at LWN.net
https://lwn.net/Articles/981287/

Related News

are [$] Restricting execution of scripts — the third approach LWN.netJul 19
these Maximum-severity Cisco vulnerability allows attackers to change admin passwords TheRegisterJul 18
another Mistral’s new Codestral Mamba to aid longer code generation ComputerWorldJul 17
vulnerability Mistral’s new Codestral Mamba to aid longer code generation InfoWorldJul 17
nbsp Theia IDE: Eclipse’s answer to Visual Studio Code InfoWorldJul 17
remote Navigate your Apple TV more easily with this $24 user-friendly button remote! BoingBoingJul 16
openssh Nation's Last Morse Code Station Comes Back To Life On Annual 'Night of Nights' In Point Reyes SlashdotJul 16
execution Can’t update Windows due to error code 0x80070643? Here’s what to do PC WorldJul 15
code ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu TheRegisterJul 15
one Nasty Spoofing Attack Resurrects Internet Explorer Vulnerability in Windows 10 and 11 SlashdotJul 13
only Source code: The source of truth for securing the API attack surface  BetaNewsJul 13
process OpenAI Working On New Reasoning Technology Under Code Name 'Strawberry' SlashdotJul 13
which OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable TheRegisterJul 11
are Strong SLAs critical for vulnerability management BetaNewsJul 10
these GitHub AI code assistant lawsuit dismissed BoingBoingJul 10
another Coders' Copilot code-copying copyright claims crumble against GitHub, Microsoft TheRegisterJul 9
vulnerability Eclipse Foundation Releases Open-Source Theia IDE - Compatible with VS Code Extensions SlashdotJul 6
nbsp 384,000 Sites Pull Code From Sketchy Code Library Recently Bought By Chinese Firm SlashdotJul 5
remote This tiny indoor home security cam with remote tilt/pan is only $23 PC WorldJul 5
openssh Latest Ghostscript vulnerability haunts experts as the next big breach enabler TheRegisterJul 5
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Thu 21 - 16:20 CET