Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/114029757435540851">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 19-Feb-2025 18:07:04 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a></section><article><p>Qualys dropped another two OpenSSH vulns this week - CVE-2025-26465 &amp; CVE-2025-26466</p><p>I don’t think either are bad, you should keep calm and patch as per usual. </p><p>The first one needs a non-default config, and PoC for the second also uses a non-default config. Neither are RCE and I doubt will ever see in the wild exploitation. </p><p>Blog: <a href="https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466" rel="nofollow noreferrer">https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466</a></p><p>Proof of concept: <a href="https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt" rel="nofollow noreferrer">https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4591954#notice-8989575">In conversation</a><time datetime="2025-02-19T18:07:04+09:00" title="Wednesday, 19-Feb-2025 18:07:04 JST">about 4 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/114029757435540851" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/114029757435540851">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4164017">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4164018">Untitled attachment</a></label><br><div>Invalid filename.</div></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 19-Feb-2025 18:07:04 JST Kevin Beaumont
Qualys dropped another two OpenSSH vulns this week - CVE-2025-26465 & CVE-2025-26466
I don’t think either are bad, you should keep calm and patch as per usual.
The first one needs a non-default config, and PoC for the second also uses a non-default config. Neither are RCE and I doubt will ever see in the wild exploitation.
Blog: https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
Proof of concept: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
In conversationabout 4 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
2. Untitled attachment
  Invalid filename.

Public

Embed Notice

HTML Code

Corresponding Notice