Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.zunda.ninja/users/zundan/statuses/112180698596933499">zunda (zundan@mastodon.zunda.ninja)'s status on Saturday, 30-Mar-2024 04:47:01 JST</a><a href="https://mastodon.zunda.ninja/@zundan" title="zundan@mastodon.zunda.ninja"><img src="https://gnusocial.jp/avatar/285-48-20230130022456.gif" width="48" height="48" alt="zunda" style="position: absolute; left: 0; top: 0;">zunda</a><div><a href="https://gamingjp.org/@hinketu_n/112180655525915815" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/4845" title="mstdnoyster@gnusocial.jp">かき@GNUsocialJP</a></li></ul></div></section><article><p><a href="https://gamingjp.org/@hinketu_n">@hinketu_n</a> <a href="https://www.openwall.com/lists/oss-security/2024/03/29/4" rel="nofollow noreferrer">https://www.openwall.com/lists/oss-security/2024/03/29/4</a> をざっくり読んだ限り、sshdが公開鍵認証をする過程で何かのコードを実行しているみたいだ、とのことです。</p><p>&gt; Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2879219#notice-5720544">In conversation</a><time datetime="2024-03-30T04:47:01+09:00" title="Saturday, 30-Mar-2024 04:47:01 JST">about 8 months ago</time> <span>from <span><a href="https://mastodon.zunda.ninja/@zundan/112180698596933499" rel="external" title="Sent from mastodon.zunda.ninja via ActivityPub">mastodon.zunda.ninja</a></span></span><a href="https://mastodon.zunda.ninja/@zundan/112180698596933499">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.openwall.com</div><h5><a href="https://www.openwall.com/lists/oss-security/2024/03/29/4">oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
zunda (zundan@mastodon.zunda.ninja)'s status on Saturday, 30-Mar-2024 04:47:01 JSTzunda
in reply to
- hinketu🎮WizardryPG
- かき@GNUsocialJP
@hinketu_n https://www.openwall.com/lists/oss-security/2024/03/29/4 をざっくり読んだ限り、sshdが公開鍵認証をする過程で何かのコードを実行しているみたいだ、とのことです。
> Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.
In conversationabout 8 months ago from mastodon.zunda.ninjapermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.openwall.com
  oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

Public

Embed Notice

HTML Code

Corresponding Notice