minus-squarelurklurk@lemmy.worldtoLinux@programming.dev•'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systemslinkfedilinkarrow-up28arrow-down1·5 months agothe in depth technical details TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context. Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless linkfedilink
the in depth technical details
TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context.
Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless