Possibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 10 months agoXZ backdoor in a nutshelllemmy.zipimagemessage-square9fedilinkarrow-up14arrow-down10
arrow-up14arrow-down1imageXZ backdoor in a nutshelllemmy.zipPossibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 10 months agomessage-square9fedilink
minus-squared3Xt3r@lemmy.nzMlinkfedilinkarrow-up1·10 months agoThis is informative, but unfortunately it doesn’t explain how the actual payload works - how does it compromise SSH exactly?
minus-squareAatube@kbin.melroy.orglinkfedilinkarrow-up0·10 months agoIt allows a patched SSH client to bypass SSH authentication and gain access to a compromised computer
minus-squared3Xt3r@lemmy.nzMlinkfedilinkarrow-up1·edit-210 months agoFrom what I’ve heard so far, it’s NOT an authentication bypass, but a gated remote code execution. There’s some discussion on that here: https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b But it would be nice to have a similar digram like OP’s to understand how exactly it does the RCE and implements the SSH backdoor. If we understand how, maybe we can take measures to prevent similar exploits in the future.
This is informative, but unfortunately it doesn’t explain how the actual payload works - how does it compromise SSH exactly?
It allows a patched SSH client to bypass SSH authentication and gain access to a compromised computer
From what I’ve heard so far, it’s NOT an authentication bypass, but a gated remote code execution.
There’s some discussion on that here: https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b
But it would be nice to have a similar digram like OP’s to understand how exactly it does the RCE and implements the SSH backdoor. If we understand how, maybe we can take measures to prevent similar exploits in the future.