Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd’s privileged code, which is not sandboxed and runs with full privileges.

  • refalo@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    what does that mean? I don’t understand multiple signs in the same sentence and what is the significance of having “OpenSSH” in the middle?

    • cucumberbob@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      You can read them as separate statements with the middle repeated and a logical AND between them:

      If (8.5p1 <= your OpenSSH version) AND (your OpenSSH version < 9.8p1) Then you are vulnerable

      It’s the same as saying if your OpenSSH version is between these two versions (including 8.5p1, but not 9.8p1), then you are vulnerable