Sujet : Re: Malware find in the news: xz related.
De : rainbow (at) *nospam* colition.gov (Popping Mad)
Groupes : comp.os.linux.miscDate : 06. Apr 2024, 00:53:40
Autres entêtes
Organisation : PANIX Public Access Internet and UNIX, NYC
Message-ID : <uuq2v8$cq2$1@reader1.panix.com>
References : 1 2 3 4 5 6
User-Agent : Mozilla Thunderbird
On 3/31/24 09:59, Lew Pitcher wrote:
On Sun, 31 Mar 2024 11:29:08 +0200, D wrote:
On Sun, 31 Mar 2024, Computer Nerd Kev wrote:
>
Computer Nerd Kev <not@telling.you.invalid> wrote:
MarioCCCP <NoliMihiFrangereMentulam@libero.it> wrote:
>
any hints to patch the vulnerability, or will it be
addressed soon and be released as security updates ?
>
The code was targeting Debian, and only reached the Testing version
of Debian
>
And RHEL, and of course all the distros based on those (or at least
those using Systemd).
>
>
>
How is this exploited? Does it require login/pw?
An "infected" system just needs an SSH server exposed to the internet
to be exploited. The "bad actor" uses a pre-built key to initiate
contact and contact doesn't go any further than key validation.
However, the key validation of a bad-actor key causes SSHd to extract
a payload from the key, and pass that payload to a system(3) call.
So, while the "bad actor" initiator never officially "logs on" to
the system (no userid, etc), they are afforded sshd privilege-level
access to the system to run commands.
HTH
Thanks for the rundown Lew.
Reuvain
Malware find in the news: xz related.
Re: Malware find in the news: xz related.
