all InfoSec News
New Open SSH Vulnerability
Schneier on Security www.schneier.com
It’s a serious one:
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.
[…]
This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, …
code code execution compromise configuration default exploited glibc linux linux systems openssh race race condition rce remote code remote code execution risk root security security risk serious server signal ssh sshd system systems unauthenticated vulnerabilities vulnerability