
Submission: regreSSHion: Unauthenticated Remote Root Vulnerability in OpenSSH Server (qualys.com)

Artem S. Tashkinov writes: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH's server (sshd) in glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base.

In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).

Submission: First person saved by a police drone in Canada (theverge.com)

AchilleTalon writes: As the US continues to grapple with the idea of letting drones fly through the country's airspace, our neighbors to the north have reported a new milestone for unmanned aerial technology: the first life saved using a drone. The Royal Canadian Mounted Police in the province of Saskatchewan announced yesterday that they successfully used the small Draganflyer X4-ES helicopter drone to locate and treat an injured man whose car had flipped over in a remote, wooded area in near-freezing temperatures. Zenon Dragan, president and founder of the Draganfly company that makes the drone, said in a statement: "to our knowledge, this is the first time that a life may have been saved with the use of a sUAS (small Unmanned Aerial System) helicopter."

IE7 Compatibility a Developer Nightmare

yavori writes "Internet Explorer 7 has kicked in at last on all MS Windows OS running PCs because of the fact M$ decided to force its users to migrate through update. In fact this has started an IE7 Web Developers Nightmare. The article actually explains that most of the small company B2C sites may just fall from grace because of IE7 incompatibility. One of the coolest things IE7 is unable to do is actually processing form data when an INPUT field of TYPE IMG is clicked... which is pretty uncool for those using entire payment processes with such INPUT fields."

Rumsfeld Requests 24-hour Propaganda Machine

jasonditz writes "The BBC is reporting that US Secretary of Defense Donald Rumsfeld is unhappy with the existing propaganda systems in place and insists that the US must create a 'more effective, 24-hour propaganda machine' or risk losing the battle for the minds of Muslims. In an era where we've already got government-created and funded media outlets and the Pentagon bribing Iraqi journalists to run favorable war stories, not to mention other departments paying journalists to endorse their positions, it begs the question, how much more can they possibly do?"
