this post was submitted on 01 Jul 2024
1 points (100.0% liked)

Security

1550 readers
1 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
LinearArray@programming.dev
1
CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (seclists.org)
submitted 2 years ago by 0x0@programming.dev to c/security@programming.dev
0 comments fedilink hide all child comments
 

Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here