Howard Chu @ Symas on Nostr: OpenSSH 9.8 released, fixes a critical race condition on Linux (which can allow RCE ...
OpenSSH 9.8 released, fixes a critical race condition on Linux (which can allow RCE as root) and a bug in keystroke timing mitigation
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041430.html
Of course if they'd adopted LINEMODE support as I recommended 14 years ago, they would never have been vulnerable to keystroke timing attacks.
https://github.com/hyc/OpenSSH-LINEMODE
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041430.html
Of course if they'd adopted LINEMODE support as I recommended 14 years ago, they would never have been vulnerable to keystroke timing attacks.
https://github.com/hyc/OpenSSH-LINEMODE