OpenSSH 7.9p1 Exploit Today

OpenSSH 7.9p1 is not a house of cards waiting for a single \x90\x90\x90 to collapse. It is a rusty lock on a wooden door. It won't break from a magic skeleton key, but it will shatter under a well-aimed shoulder barge.

Liked this? Check out my next post: "Is OpenSSL 1.0.2 really that bad? (Yes. Yes it is.)"

for user in root admin ubuntu; do ssh -o PreferredAuthentications=none "$user@target" 2>&1 | grep "Permission denied (publickey)"; done

Or, how I learned to stop worrying and love the changelog.

The real exploit is staring at the auth log. 7.9p1 logs everything. Wait for an admin to mistype their password. Or for a cron job to leak an argument.

The Verdict: Patch or Panic?

Do not panic. But do patch.
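A password typed at the username prompt lands in the auth log as an "Invalid user" entry, so the log is worth auditing for it. The following is an added example, not code from the original post: it flags secret-looking usernames without printing them and names the account that logged in from the same address shortly afterwards, so that credential can be rotated. The log lines are constructed samples, and the 120-second window and the character-class heuristic are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format (not taken from a real host).
SAMPLE_LOG = """\
Mar  3 09:14:02 web1 sshd[2211]: Invalid user Tr0ub4dor&3 from 203.0.113.7 port 50212
Mar  3 09:14:09 web1 sshd[2215]: Accepted password for alice from 203.0.113.7 port 50220 ssh2
Mar  3 09:20:41 web1 sshd[2290]: Invalid user oracle from 198.51.100.9 port 41000
Mar  3 09:31:10 web1 sshd[2302]: Invalid user Summer2019! from 203.0.113.50 port 50301
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
INVALID = re.compile(r"^Invalid user (\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port \d+")
WINDOW = timedelta(seconds=120)  # assumed gap between the typo and the real login

def looks_like_secret(name):
    """Heuristic (assumption): 8+ characters drawn from at least 3 character classes."""
    classes = [any(c.islower() for c in name), any(c.isupper() for c in name),
               any(c.isdigit() for c in name), any(not c.isalnum() for c in name)]
    return len(name) >= 8 and sum(classes) >= 3

def audit(log_text):
    """Return findings: line number, source IP and the account to rotate (or None)."""
    findings, pending = [], {}  # pending maps source IP -> (time, finding)
    for n, raw in enumerate(log_text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is enough for time deltas.
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (bad := INVALID.match(msg)) and looks_like_secret(bad.group(1)):
            finding = {"line": n, "ip": bad.group(2), "account": None}
            findings.append(finding)  # the leaked value itself is never stored
            pending[bad.group(2)] = (when, finding)
        elif ok := ACCEPTED.match(msg):
            hit = pending.pop(ok.group(2), None)
            if hit and when - hit[0] <= WINDOW:
                hit[1]["account"] = ok.group(1)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"line {f['line']}: secret-like username from {f['ip']}; "
              f"rotate: {f['account'] or 'unknown, review manually'}")
```

Findings with no matching login still mean a secret sits in the log in clear text, so restrict read access to the file and scrub the entry from any forwarded copies.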
