Headlines
2024-07-03
Serious OpenSSH vulnerability patched
A vulnerability was found in the OpenSSH service which could, under some circumstances, allow a remote attacker to run malicious code on the computer running OpenSSH. "In Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive). Race condition resulting in potential remote code execution. A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems. This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config) though this makes denial-of-service against sshd(8) considerably easier. For more information, please refer to the release notes and the report from the Qualys Security Advisory Team who discovered the bug."
The release notes point out that the attack requires many hours of repeated connections to OpenSSH and has only been shown to work against 32-bit targets, though 64-bit computers are (in theory) also vulnerable. This means any firewall throttling of incoming connections, or utilities such as fail2ban, should prevent the attack. Most distributions have already deployed a patch for OpenSSH to fix the vulnerability.
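An added example, not part of the original article or the OpenSSH project's code: a triage check that tests a version string against the range quoted above and reads LoginGraceTime from sshd_config text. The function names, status strings and sample inputs are constructed for illustration; Include directives are not followed.

```python
import re

# Range quoted in the article: Portable OpenSSH 8.5p1 to 9.7p1 (inclusive).
AFFECTED_MIN, AFFECTED_MAX = (8, 5, 1), (9, 7, 1)
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample inputs (normally the output of `ssh -V` and the sshd_config text).
SAMPLE_VERSION = "OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13 30 Jan 2024"
SAMPLE_CONFIG = "# constructed sample\nPort 22\nLoginGraceTime 2m\nLoginGraceTime 0\n"

def parse_version(text):
    """Return (major, minor, patch) for a Portable release, else None.
    OpenBSD's native releases carry no 'pN' suffix and are not matched."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)p(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def in_affected_range(text):
    v = parse_version(text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def login_grace_seconds(config_text, default=120):
    """LoginGraceTime in seconds. Keywords are case-insensitive, the first
    occurrence wins, and sshd's default of 120 applies when it is unset."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)logingracetime[\s=]+(\S+)$", line)
        if m and re.fullmatch(r"(\d+[smhdw]?)+", m.group(1).lower()):
            pairs = re.findall(r"(\d+)([smhdw]?)", m.group(1).lower())
            return sum(int(n) * UNITS[u] for n, u in pairs)
    return default

def assess(version_text, config_text):
    if not in_affected_range(version_text):
        return "outside-range"
    if login_grace_seconds(config_text) == 0:
        # Workaround from the advisory is active; sshd is now easier to DoS.
        return "in-range-grace-timeout-disabled"
    # The version string alone cannot show whether a distribution backported the fix.
    return "in-range-check-package-patch"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A version inside the range is a prompt to check the distribution's package changelog, since patched packages often keep the upstream version number.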