982
Debian security amirite? (lemmy.world)
submitted 3 months ago by Emerald@lemmy.world to c/linuxmemes@lemmy.world
75 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] TangledHyphae@lemmy.world 0 points 3 months ago* (last edited 3 months ago)

The slowness is on purpose? To help identify the sshd in question to the attacker which nodes are compromised? What reason(s) could there be?

[-] getaway@lemmynsfw.com 6 points 3 months ago

He's talking about Debian's slowness in getting new versions to stable, and how the meme ignores security backports.

[-] TangledHyphae@lemmy.world 1 points 3 months ago

Ohh that makes way more sense, thanks. I haven't used Debian in like 10 years but it was obviously the same back then too.

[-] mumblerfish@lemmy.world 2 points 3 months ago

If the above decides to continue, the code appears to be parsing the symbol tables in memory. This is the quite slow step that made me look into the issue.

That is from the original find. Not sure the relevance of it and this being proof for it being "on purpose". But that is the origin of the slowness.

[-] TangledHyphae@lemmy.world 1 points 3 months ago

I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.

https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

this post was submitted on 30 Mar 2024
982 points (98.6% liked)

linuxmemes

19758 readers
1364 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
Linuxmemed@lemmy.world
poopsmith@lemmy.world
Geert@lemmy.world