XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.”

Posted on 2024-03-30 by pappp

Article note: Ever wilder: it now appears the call interception is setting up an RCE for the holder of a specific private key, because login attempts with a specific RSA key would result in the next part of the packet being executed by the sshd process via system(). That's _real_ bad nation-state actor type shit.

Comments

This entry was posted in News. Bookmark the permalink.

Leave a Reply Cancel reply

Search for:
Web Presence
- Lemmy
- last.fm
- Linkedin
Page Navigation
- About Me
- Schedule
- News
Meta
May 2024

S M T W T F S

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29 30 31

« Apr
Recent Posts
Random Quote

Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do…

— Steve Jobs
Categories
- Announcements
- Computers
- DIY
- Electronics
- Entertainment
- FoodBlogging
- General
- Literature
- Meta
- Music
- Navel Gazing
- News
- Objects
- OldBlog
- School
License

Unless otherwise noted, this work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.

XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.”

Leave a Reply Cancel reply

Web Presence

Page Navigation

Meta

Recent Posts

Random Quote

Categories

License