XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.”

Posted on 2024-03-30 by pappp

Article note: Ever wilder: it now appears the call interception is setting up an RCE for the holder of a specific private key, because login attempts with a specific RSA key would result in the next part of the packet being executed by the sshd process via system(). That's _real_ bad nation-state actor type shit.

Comments

This entry was posted in News. Bookmark the permalink.

Leave a Reply Cancel reply

Search for:
Web Presence
- Lemmy
- last.fm
- Linkedin
Page Navigation
- About Me
- Schedule
- News
Meta
December 2024

S M T W T F S

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31

« Nov
Recent Posts
Random Quote

Even if you do something that others might consider wrong, you should at least be willing to talk about it and tell your parents what you’re doing because you believe it’s right.

— Steve Wozniak
Categories
- Announcements
- Computers
- DIY
- Electronics
- Entertainment
- FoodBlogging
- General
- Literature
- Meta
- Music
- Navel Gazing
- News
- Objects
- OldBlog
- School
License

Unless otherwise noted, this work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.

XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.”

Leave a Reply Cancel reply

Web Presence

Page Navigation

Meta

Recent Posts

Random Quote

Categories

License