• Serious vulnerability fixed with OpenSSH 9.8

    From LWN.net@1337:1/100 to All on Mon Jul 1 14:00:05 2024
    Serious vulnerability fixed with OpenSSH 9.8

    Date:
    Mon, 01 Jul 2024 12:53:18 +0000

    Description:
    OpenSSH 9.8 has been released, fixing an ugly vulnerability:

    Successful exploitation has been demonstrated on 32-bit Linux/glibc
    systems with ASLR. Under lab conditions, the attack requires on
    average 6-8 hours of continuous connections up to the maximum the
    server will accept. Exploitation on 64-bit systems is believed to
    be possible but has not been demonstrated at this time. It's likely
    that these attacks will be improved upon.

    Exploitation on non-glibc systems is conceivable but has not been
    examined.

    There is a configuration workaround for systems that cannot be
    updated, though it has its own problems. See this Qualys advisory
    for more details.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/980211/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)