all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

New Open SSH Vulnerability

Add to bookmarks
July 3, 2024, 3:27 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

It’s a serious one:


The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.


[…]


This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, …

code code execution compromise configuration default exploited glibc linux linux systems openssh race race condition rce remote code remote code execution risk root security security risk serious server signal ssh sshd system systems unauthenticated vulnerabilities vulnerability

Visit resource

More from www.schneier.com / Schneier on Security

Friday Squid Blogging: Newly Discovered Vampire Squid 1 day, 15 hours ago | www.schneier.com
blog blogging china moderation +6
New Open SSH Vulnerability 3 days, 21 hours ago | www.schneier.com
code code execution compromise configuration +25
Upcoming Book on AI and Democracy 4 days, 18 hours ago | www.schneier.com
artificial intelligence author blog book +13
Public Surveillance of Bars 5 days, 1 hour ago | www.schneier.com
app article commentary openness +4
Model Extraction from Neural Networks 6 days, 1 hour ago | www.schneier.com
academic papers adi shamir cryptanalysis cryptography +14
Friday Squid Blogging: New Squid Species 1 week, 1 day ago | www.schneier.com
academic papers blogging family large +5
James Bamford on Section 702 Extension 1 week, 2 days ago | www.schneier.com
act article extension fisa +9
Security Analysis of the EU’s Digital Wallet 1 week, 3 days ago | www.schneier.com
analysis credentials cryptanalysis cryptography +14
The US Is Banning Kaspersky 1 week, 4 days ago | www.schneier.com
action administration antivirus ban +18

Jobs in InfoSec / Cybersecurity

Find Talent

Cyber Security Project Engineer

@ Dezign Concepts LLC | Chantilly, VA
View on infosec-jobs.com

Cloud Cybersecurity Incident Response Lead

@ Maveris | Martinsburg, West Virginia, United States
View on infosec-jobs.com

Sr Staff Security Researcher (Malware Research - Antivirus Systems)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

Identity & Access Management, Senior Associate

@ PwC | Toronto - 18 York Street
View on infosec-jobs.com

Senior Manager, AI Security

@ Lloyds Banking Group | London 10 Gresham Street
View on infosec-jobs.com

Senior Red Team Engineer

@ Adobe | Remote California
View on infosec-jobs.com