this post was submitted on 30 Mar 2024
982 points (98.6% liked)

linuxmemes

19910 readers
3239 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
Linuxmemed@lemmy.world
poopsmith@lemmy.world
Geert@lemmy.world
982
Debian security amirite? (lemmy.world)
submitted 3 months ago by Emerald@lemmy.world to c/linuxmemes@lemmy.world
75 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] TangledHyphae@lemmy.world 1 points 3 months ago

I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.

https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.