Subject : Re: Malware find in the news: xz related.
From : lew.pitcher (at) *nospam* digitalfreehold.ca (Lew Pitcher)
Newsgroups : comp.os.linux.misc
Date : 31. Mar 2024, 14:59:57
Organization : A noiseless patient Spider
Message-ID : <uubq8s$1qpft$1@dont-email.me>
References : 1 2 3 4 5
User-Agent : Pan/0.139 (Sexual Chocolate; GIT bf56508 git://git.gnome.org/pan2)
On Sun, 31 Mar 2024 11:29:08 +0200, D wrote:
> On Sun, 31 Mar 2024, Computer Nerd Kev wrote:
>> Computer Nerd Kev <not@telling.you.invalid> wrote:
>>> MarioCCCP <NoliMihiFrangereMentulam@libero.it> wrote:
>>>>
>>>> any hints to patch the vulnerability, or will it be
>>>> addressed soon and be released as security updates ?
>>>>
>>> The code was targeting Debian, and only reached the Testing version
>>> of Debian
>>
>> And RHEL, and of course all the distros based on those (or at least
>> those using Systemd).
>>
>
> How is this exploited? Does it require login/pw?
An "infected" system just needs an SSH server exposed to the internet
to be exploited. The "bad actor" uses a pre-built key to initiate
contact and contact doesn't go any further than key validation.
However, the key validation of a bad-actor key causes SSHd to extract
a payload from the key, and pass that payload to a system(3) call.
So, while the "bad actor" initiator never officially "logs on" to
the system (no userid, etc), they are afforded sshd privilege-level
access to the system to run commands.
HTH
--
Lew Pitcher
"In Skills We Trust"
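The post above says the backdoored code runs inside sshd, and the earlier reply limits the exposure to systemd-based distros. The one precondition both statements share is that sshd's process actually maps liblzma, so the first thing to check on a box is whether it does. The script below is an added example written for this page, not code from the thread or from any distribution's advisory. It assumes glibc's ldd output format and the conventional sshd path /usr/sbin/sshd (overridable via SSHD); the ldd output samples in the block are constructed for illustration. It deliberately hard-codes no xz version numbers, since the thread names none: compare the reported liblzma path and xz version against your distribution's advisory.

```shell
#!/bin/sh
# Added example (not from the original post): detect whether the local sshd
# loads liblzma, the precondition for the sshd-side behaviour described above.

# Constructed sample ldd output for a systemd-based distro where sshd pulls in
# liblzma through libsystemd (illustrative, not captured from a real host).
SAMPLE_LINKED='linux-vdso.so.1 (0x00007ffd)
        libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f00)
        liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f01)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f02)'

# Constructed sample for an sshd built without the systemd notification hook.
SAMPLE_CLEAN='linux-vdso.so.1 (0x00007ffd)
        libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f00)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f02)'

# Return 0 if the given ldd output ($1) shows liblzma mapped into the binary.
ldd_links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# Print the resolved path of liblzma from ldd output ($1), or nothing.
liblzma_path_from_ldd() {
    printf '%s\n' "$1" | awk '/liblzma\.so/ { print $3; exit }'
}

# Inspect the installed sshd (path assumed; override with SSHD=/path/to/sshd).
# Exit status: 0 = liblzma not loaded, 1 = liblzma loaded, 2 = could not check.
check_sshd() {
    sshd="${SSHD:-/usr/sbin/sshd}"
    [ -x "$sshd" ] || { echo "cannot check: $sshd not found"; return 2; }
    out=$(ldd "$sshd" 2>/dev/null) || { echo "cannot check: ldd failed on $sshd"; return 2; }
    if ldd_links_liblzma "$out"; then
        echo "WARNING: $sshd loads $(liblzma_path_from_ldd "$out")"
        echo "Installed xz: $(xz --version 2>/dev/null | head -n1)"
        echo "Compare this against your distribution's advisory before exposing sshd."
        return 1
    fi
    echo "OK: $sshd does not load liblzma"
    return 0
}

# Run the live check only when asked, so sourcing the file stays side-effect free.
if [ -n "${RUN_CHECK:-}" ]; then
    check_sshd
fi
```

Run it with `RUN_CHECK=1 sh check-sshd-lzma.sh`; a non-zero exit with the WARNING line means liblzma is in sshd's address space and the xz package version needs to be verified, not that the host is necessarily compromised.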