Reply to post: OpenSSH remote execution bug?

It's 2015, and someone can pwn Windows PCs by inserting a USB stick

Anonymous Coward
Anonymous Coward

OpenSSH remote execution bug?

One of the fixed security bugs (mentioned in the release notes) was:

* sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution. Also reported by Moritz Jodeit.

Sounds like a remotely exploitable bug that may not need a local account. Anyone know the details?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019