Abuse Melding

Je hebt een klacht over de onderstaande posting:

29-03-2024, 21:15 door Anoniem

Op moment heeft de vinder de meeste informatie., Ook gelinkt in het artikel https://www.openwall.com/lists/oss-security/2024/03/29/4 "hoe en wat" : The prior section explains that RSA_public_decrypt@....plt was redirected to point into the backdoor code. The trace I was analyzing indeed shows that during a pubkey login the exploit code is invoked: sshd 1736357 [010] 714318.734008: 1 branches:uH: 5555555ded8c ssh_rsa_verify+0x49c (/usr/sbin/sshd) => 5555555612d0 RSA_public_decrypt@...+0x0 (/usr/sbin/sshd) The backdoor then calls back into libcrypto, presumably to perform normal authentication sshd 1736357 [010] 714318.734009: 1 branches:uH: 7ffff7c137cd [unknown] (/usr/lib/x86_64-linux-gnu/liblzma.so.5.6.0) => 7ffff792a2b0 RSA_get0_key+0x0 (/usr/lib/x86_64-linux-gnu/libcrypto.so.3) I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication ...

Beschrijf je klacht (Optioneel):

captcha