OpenSSH: race condition in sshd allows remote code execution ( stackdiary.com )

lemmyvore , 1 day ago

Last I read about it it required connecting for 6-7 hours continuously on 32bit systems, and it's unknown how long it would take on 64bit.

tmpod OP , 1 day ago

Yeah, exactly. Very impracticable.

andrew , 1 day ago

But, eventually exploitable is still a pretty major concern for anybody who has systems running longer than a few days at a time.

tmpod OP , 1 day ago

True, an RCE is always a serious thing. Just saying it's not exactly catastrophic like others have been more so.

whereisk , 1 day ago

I can’t imagine any system of influence running an exposed ssh without some further protection from connection abuse like fail2ban.

Midnight1938 , 1 day ago

Reminds me of the nide-ip guy making thn repo read only because of amateur researchers filling up cve s

recapitated , 2 days ago

I always use my ssh server for remote code execution.

m88youngling , 2 days ago

technically the truth!

tmpod OP , 2 days ago

musl isn't vulnerable, as per https://fosstodon.org/@musl/112711796005712271