OpenSSH 可移植版-遠端代碼競行漏洞

二 02 七月 2024 by ols3

sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive). Race condition resulting in potential remote code execution. A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems. This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config) though this makes denial-of service against sshd(8) considerably easier. For more information, please refer to the release notes and the report from the Qualys Security Advisory Team who discovered the bug.

可移植 OpenSSH 版本 8.5p1 至 9.7p1（含）中的 sshd（8）潛在遠端代碼執行的爭用條件。 sshd（8）中的爭用條件允許在非 OpenBSD 系統上以 root 身份遠端執行代碼。這種攻擊可以通過禁用登錄寬限超時（ LoginGraceTime=0 在 sshd_config 中）來防止，儘管這會使針對 sshd（8）的拒絕服務變得容易得多。有關更多資訊，請參閱發現該漏洞的 Qualys 安全諮詢團隊的發行說明和報告。

Debian Linux OpenSSH 修補情況

xz-utils 植入後門 (CVE-2024-3094)

五 29 三月 2024 by ols3

xz-utils: backdoor in upstream xz/liblzma leading to ssh server compromise

Debian CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing …