XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.”

Source: Hacker News

Article note: Ever wilder: it now appears the call interception is setting up an RCE for the holder of a specific private key, because login attempts with a specific RSA key would result in the next part of the packet being executed by the sshd process via system(). That's _real_ bad nation-state actor type shit.
This entry was posted in News. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *