|
@marver | |||||
|
An OpenSSH bug, that does not happen very often!
PSA: The RCE here is heavily constrained, i.e. the victim has to parse a malicious XMSS private key. A problem in cloud envs, but when reading Pre-Auth and RCE I think of an exploit over the network alone..Still a nice bug. :-) twitter.com/SecuriTeam_SSD…
|
||||||
|
||||||
|
Andreas Lindh 🏴
@addelindh
|
10. lis |
|
TL;DR: do not parse keys from Angela Merkel
|
||
|
|
||
|
Markus Vervier
@marver
|
10. lis |
|
Not even from Extended Merkel?
|
||
|
|
||
|
argp
@_argp
|
10. lis |
|
a 32-bit system is also a restricting factor
|
||
|
|
||