
Submission: regreSSHion: Unauthenticated Remote Root Vulnerability in OpenSSH Server (qualys.com)

Artem S. Tashkinov writes: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base.

In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).
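The Censys/Shodan figure quoted above is a banner-based count, which is why the submission says "potentially vulnerable": an sshd banner names an upstream OpenSSH version, not the vendor patch level. The following Python classifier is an added example, not code from Qualys or from the submitter, showing how such a count is produced and where it stops being decidable. Only the 8.5p1 regression point is stated in the submission; the 4.4 boundary (fix for CVE-2006-5051) and the 9.8p1 upstream fix are taken from the OpenSSH release history and are labelled as assumptions in the code, and the sample banners are constructed, not real scan data.

```python
"""Classify OpenSSH server banners against the CVE-2024-6387 (regreSSHion) version window.

Added example, not code from Qualys or from the Slashdot submission. It shows
how a banner-based count such as the Censys/Shodan figure is produced and why
such a count can only ever say "potentially vulnerable".
"""
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Version boundaries. Only the 8.5p1 regression point is stated in the
# submission; the other two come from the OpenSSH release history and should
# be re-checked against the Qualys advisory before use.
FIX_2006 = (4, 4, 0)       # OpenSSH 4.4 fixed CVE-2006-5051 (assumption: not in the submission)
REGRESSION = (8, 5, 0)     # OpenSSH 8.5 / 8.5p1 reintroduced the race (stated in the submission)
UPSTREAM_FIX = (9, 8, 0)   # OpenSSH 9.8 / 9.8p1 fixed CVE-2024-6387 (assumption: not in the submission)

# Banner shape: "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3".  The "pN" portable
# suffix is optional (OpenBSD builds omit it), so a missing pN is treated as 0;
# that is why the thresholds above end in 0 rather than 1.
BANNER_RE = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:[\s-](.*))?$"
)


def parse_banner(banner: str) -> Optional[Tuple[Version, str]]:
    """Return ((major, minor, portable), vendor_comment), or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    major, minor, portable, comment = m.groups()
    return (int(major), int(minor), int(portable or 0)), (comment or "").strip()


def classify(banner: str) -> str:
    """Bucket one banner.  Only version arithmetic; nothing here proves exploitability."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-openssh"
    version, comment = parsed
    if version < FIX_2006:
        return "pre-2006-fix"        # CVE-2006-5051 era, unpatched upstream
    if version < REGRESSION:
        return "pre-regression"      # 4.4 <= v < 8.5: race fixed, not yet reintroduced
    if version >= UPSTREAM_FIX:
        return "fixed-upstream"
    # 8.5 <= v < 9.8: the upstream code at this version is affected.  Linux
    # distributions backport fixes without changing the upstream version in
    # the banner, so a vendor-suffixed banner cannot be decided from the banner
    # alone: confirm against the vendor's package changelog or advisory.  The
    # banner also says nothing about glibc, which the submission names as a
    # precondition.
    if comment:
        return "possibly-affected-check-vendor"
    return "affected-upstream-version"


def summarize(banners: Iterable[str]) -> Dict[str, int]:
    """Bucket a list of banners the way an Internet-wide scan summary would."""
    return dict(Counter(classify(b) for b in banners))


# Constructed sample banners (not real scan data).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
    "SSH-2.0-OpenSSH_9.6",
    "SSH-2.0-OpenSSH_8.4p1",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:45} -> {classify(b)}")
    print(summarize(SAMPLE_BANNERS))
```

Two of the eight constructed banners land in the "check vendor" bucket: Debian's 9.2p1 and Ubuntu's 8.9p1 are both inside the upstream window, but whether they are patched depends on the distribution's package revision, which the banner does not carry. That gap is the difference between the 14 million "potentially vulnerable" banners and the smaller count Qualys reports from asset data that knows the installed package.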

First Person Shooters (Games)

The Duke Is Finally Back, For Real

After the first announcement on 1997-04-27 and over eleven years of fresh start after fresh start, Duke Nukem Forever finally comes to your system. At least if your system is an Xbox 360. Jon Siegler, the webmaster of 3D Realms, confirms this on their site: "As has been reported around the net today, we can confirm that the game has indeed passed final certification with Microsoft on Friday the 15th of August (on our first try, no less). That means the game is done — it is now in the hands of Microsoft." Update: 08/19 10:47 GMT by T: Several readers have written with a correction: this announcement is actually about Duke Nukem 3D, rather than Duke Nukem Forever.

Comment: Eh, you're lucky to count your spams by the week! (Score 1)

I wish my Gmail account was like that. Maybe you only have geeky friends that don't forward your address to the nearest known spammer. I get several spams in my inbox every day. In plain English, even. With lovely "Hot pictures of paris hilton nude" and everything.

Perhaps this is because I have email forwarded to my gmail account from several other accounts. And those accounts are probably not in the same spam batches as all the gmail recipients. So maybe I'm really lucky and get the latest spam before the rest of you gmailers, even without paying for a subscription!

Yes yes, of course I do my duty and mark those 0-day mails as spam, even though I don't seem to get anything out of it myself...

More Voting Shenanigans in Florida

stewwy writes "It looks like the shenanigans have started already; the Register is running a story about the difficulty early voters are having with casting votes for Democrats." From the article: "The touch-screen gizmos seem strangely attracted to Republican candidates. One voter needed assistance from an election official, and even then, needed three tries to convince the machine that he wanted to vote for Democrat Jim Davis in the gubernatorial race, not his Republican opponent Charlie Crist."

Being Peter Molyneux

simoniker writes "Gamasutra has an interview with Lionhead's Peter Molyneux up, in which he discusses next-gen technology choices, his troubles with the press, and his overwhelming drive to succeed, as well as some new thoughts on Fable 2. On his press difficulties: 'I've come to realize that the way I speak, the things I talk about are going to be interpreted. And that sometimes leads to misquotes, and that sometimes that can be frustrating, but for example — the talk I've given today, there's nothing for me to point to onscreen — I'm just giving you a braindump of my ideas. And half of that — half of the interest of that is the interpretation you put on it in your own mind... I'll be absolutely honest with you, sometimes in the past I've actually changed little bits of the game to match the misquote, however insane that sounds.'"

New Solar Panel Technology Gaining Momentum

jessiej writes, "Even though copper indium gallium selenide (CIGS), a newer type of solar panel, is less efficient than its silicon counterpart, millions are being invested in manufacturing. From the article: 'CIGS panels use far less raw material than silicon solar panels and the factories themselves cost less to build,' $25 million compared to $230 million in one example. These types of panels could even be made into a t-shirt logo."
