Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/mroszko/statuses/112191221089738076">mroszko (mroszko@mastodon.social)'s status on Monday, 01-Apr-2024 01:27:29 JST</a><a href="https://mastodon.social/@mroszko" title="mroszko@mastodon.social"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="mroszko" style="position: absolute; left: 0; top: 0;">mroszko</a><div><a href="https://cyberplace.social/@GossiTheDog/112189908304964991" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> The systemd change would have sealed off the ssh attacker vector. But liblzma is linked into plenty of other libraries. Just using rdepends even python,tor has a depend on it. So they could have still had value in alternate attack vectors, just not ssh which may have been more universal.</p><p>Heck libxml2 depends on liblzma5, so there are even more attack targets like postgres, ruby, php, etc</p><p>Kind of a waste to rush, but it may be why they added a plugin system for additional payloads.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2884753#notice-5734166">In conversation</a><time datetime="2024-04-01T01:27:29+09:00" title="Monday, 01-Apr-2024 01:27:29 JST">about 8 months ago</time> <span>from <span><a href="https://mastodon.social/@mroszko/112191221089738076" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@mroszko/112191221089738076">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
mroszko (mroszko@mastodon.social)'s status on Monday, 01-Apr-2024 01:27:29 JSTmroszko
in reply to
- Kevin Beaumont
@GossiTheDog The systemd change would have sealed off the ssh attacker vector. But liblzma is linked into plenty of other libraries. Just using rdepends even python,tor has a depend on it. So they could have still had value in alternate attack vectors, just not ssh which may have been more universal.
Heck libxml2 depends on liblzma5, so there are even more attack targets like postgres, ruby, php, etc
Kind of a waste to rush, but it may be why they added a plugin system for additional payloads.
In conversationabout 8 months ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice