#regresshion

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.parastor.net/@eroc1990" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eroc1990</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.green/@JohnDal" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JohnDal</span></a></span> I disagree, as all such <a href="https://infosec.space/tags/SupplyChainAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainAttacks</span></a> are merely based upon lack of <a href="https://infosec.space/tags/reviewers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reviewers</span></a> and lack of <a href="https://infosec.space/tags/funding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>funding</span></a>.</p><ul><li>Whereas with <a href="https://infosec.space/tags/CCSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CCSS</span></a> you have no independent auditability as with <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FLOSS</span></a> and <em>everything</em> is a <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustMeBro</span></a>!"</em> approach, which <em>ALL</em> the <a href="https://infosec.space/tags/GAFAMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAFAMs</span></a>, <a href="https://infosec.space/tags/PRISM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRISM</span></a>-Collaborators, <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a> subjects and willful <a 
href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> integrators have forfeited by their actions!</li></ul><p>Not to mention it's easier and faster to fix <a href="https://infosec.space/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> as well as the <a href="https://infosec.space/tags/diversity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diversity</span></a> of systems mitigate said issues (i.e. <a href="https://infosec.space/tags/dropbear" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dropbear</span></a> was affected by <em>neither</em> <a href="https://infosec.space/tags/RegreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RegreSSHion</span></a> nor <a href="https://infosec.space/tags/XZ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XZ</span></a>'s <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a>, likely preventing another <a href="https://infosec.space/tags/Mirai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mirai</span></a>-Style <a href="https://infosec.space/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Botnet</span></a> from being created)...</p><ul><li>Instead of shoving money into buying <a href="https://infosec.space/tags/CSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSS</span></a> Governments should instead provide proper funding to <a href="https://infosec.space/tags/OSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OSS</span></a>, instead of wasting it on <a 
href="https://infosec.space/tags/HypeBasedDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HypeBasedDevelopment</span></a> / <a href="https://infosec.space/tags/BuzzwordDrivenDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BuzzwordDrivenDevelopment</span></a> like <a href="https://infosec.space/tags/Zensursula" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zensursula</span></a>'s <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> does with garbage like <em>"<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a>"</em>...</li></ul><p>After all, these issues are systemic, and denying the root cause is turning a blind eye to the obvious fix!</p>
🦠Toxic Flange (Gurjeet)🔬⚱️🌚<p>So I just read on <span class="h-card" translate="no"><a href="https://defcon.social/@dcuthbert" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dcuthbert@defcon.social</span></a></span> 's ( not that active on Masto - so <span class="h-card" translate="no"><a href="https://bird.makeup/users/dcuthbert" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dcuthbert@bird.makeup</span></a></span> for sauce) writeup on the <a href="https://infosec.exchange/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a> <a href="https://infosec.exchange/tags/poc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>poc</span></a> backdoor ( <a href="https://bird.makeup/users/dcuthbert/statuses/1811327974513295432" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bird.makeup/users/dcuthbert/st</span><span class="invisible">atuses/1811327974513295432</span></a>)</p><p>While they point out they would have used LKM to hide processes better, I just ran into something I didn't consider in hiding processes, <code>PID namespaces</code> ! </p><p>Edit 1(disclaimer, I'm ignorant): This is a half baked thought process, and I haven't tested out this theory.. Might be a foot in mouth moment! </p><p>This idea courtesy of <a href="https://infosec.exchange/tags/synology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>synology</span></a> 's distro with their NAS (maybe their router software too).</p><p>My Synology runs their "ContainerManager" package which is just docker. 
In the ContainerManager, I am running jellyfin and gitea.</p><p>My usual experience in seeing what containers are running from a system defaults PoV from the shell I can run <code>ps auxw</code> or <code>ps -eLf</code> and I will expect to see the processes running from docker. I've attached a screenshot of docker in arch running jellyfin. </p><p>There's also a screenshot of jellyfin running in Synology's 'locked down OS'. You can see it's running, because <code>docker ps -a</code> tells us so.</p><p>Heck from a system point of view, you can't even see docker/containerd running like you can from other Linux distros. What's going on? </p><p>Namespaces! </p><p>It's not just for containers, available on enabled Linux kernels everywhere!</p><p>Check out <span class="h-card" translate="no"><a href="https://social.jvns.ca/@b0rk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>b0rk</span></a></span> most excellent intro and writeup on it if you're not familiar. [<a href="https://jvns.ca/blog/2016/10/10/what-even-is-a-container/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">jvns.ca/blog/2016/10/10/what-e</span><span class="invisible">ven-is-a-container/</span></a>]</p><p>Can you turn off namespaces on servers not meant to run containers? I believe you can restrict them with sysctl calls but I'm unsure if modern day distros for server use need them. </p><p>So do you trust your vuln management systems to help you know what's actually running on systems anymore? ;) </p><p>Edit 2:<br>if you want to see what Synology is doing and don't have a Synology device you can run their distro in a virtual machine. I don't know if you can really trust this or not, but I've used it in the past. 
Use at your own risk.</p><p>The Redpill pre-install and Recovery environment.<br>[<a href="https://github.com/RROrg/rr" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/RROrg/rr</span><span class="invisible"></span></a>]</p><p>Synology DSM<br>[<a href="https://archive.synology.com/download/Os/DSM" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">archive.synology.com/download/</span><span class="invisible">Os/DSM</span></a>]</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/containers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>containers</span></a> <a href="https://infosec.exchange/tags/docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>docker</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
gianarb<p>I did a little exercise trying to figure out how my attempt to apply the <a href="https://hachyderm.io/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a> to my <a href="https://hachyderm.io/tags/nixos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nixos</span></a> servers </p><p><a href="https://shippingbytes.com/2024/07/09/timeline-to-patch-regresshion-to-my-public-servers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">shippingbytes.com/2024/07/09/t</span><span class="invisible">imeline-to-patch-regresshion-to-my-public-servers/</span></a></p>
ADMIN magazine<p>Researchers at Qualys Threat Research Unit find critical OpenSSH vulnerability in glibc-based Linux systems <a href="https://www.admin-magazine.com/News/Critical-OpenSSH-Vulnerability-Affects-Linux-Systems" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">admin-magazine.com/News/Critic</span><span class="invisible">al-OpenSSH-Vulnerability-Affects-Linux-Systems</span></a><br><a href="https://hachyderm.io/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> <a href="https://hachyderm.io/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://hachyderm.io/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://hachyderm.io/tags/patch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patch</span></a> <a href="https://hachyderm.io/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a></p>
AlmaLinux<p>Like with last week's <a href="https://fosstodon.org/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a> patch, this week we are again patching OpenSSH ahead of our upstream to keep our users secure. <a href="https://almalinux.org/blog/2024-07-09-cve-2024-6409/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">almalinux.org/blog/2024-07-09-</span><span class="invisible">cve-2024-6409/</span></a> <a href="https://fosstodon.org/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Simple Nomad<p>Blog post I did for work. Sorry it wasn't sooner, but nonetheless here it is, related to <a href="https://rigor-mortis.nmrc.org/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a>. I guess had the impact been as great as all the headlines would have had you believe, it would have been done sooner.</p><p><a href="https://rigor-mortis.nmrc.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://rigor-mortis.nmrc.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://rigor-mortis.nmrc.org/tags/gitlab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gitlab</span></a> </p><p><a href="https://about.gitlab.com/blog/2024/07/09/faq-the-regresshion-vulnerability-and-gitlab/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">about.gitlab.com/blog/2024/07/</span><span class="invisible">09/faq-the-regresshion-vulnerability-and-gitlab/</span></a></p>
Alex Ivanovs<p>RHEL 9 OpenSSH packages affected by remote code execution flaw</p><p><a href="https://stackdiary.com/rhel-9-openssh-packages-affected-by-remote-code-execution-flaw/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">stackdiary.com/rhel-9-openssh-</span><span class="invisible">packages-affected-by-remote-code-execution-flaw/</span></a></p><p><a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/RHEL9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RHEL9</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/CVE20246409" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE20246409</span></a> <a href="https://mastodon.social/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedora</span></a> <a href="https://mastodon.social/tags/RaceCondition" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaceCondition</span></a> <a 
href="https://mastodon.social/tags/SIGALRM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIGALRM</span></a> <a href="https://mastodon.social/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://mastodon.social/tags/PatchManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PatchManagement</span></a> <a href="https://mastodon.social/tags/Mitigation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mitigation</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/Threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Threat</span></a> <a href="https://mastodon.social/tags/Hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackers</span></a> <a href="https://mastodon.social/tags/Bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bug</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.social/tags/Glitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Glitch</span></a> <a href="https://mastodon.social/tags/Audit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Audit</span></a> <a href="https://mastodon.social/tags/Syslog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Syslog</span></a> <a href="https://mastodon.social/tags/Update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Update</span></a> <a href="https://mastodon.social/tags/Enterprise" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>Enterprise</span></a> <a href="https://mastodon.social/tags/LinuxSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinuxSecurity</span></a> <a href="https://mastodon.social/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://mastodon.social/tags/ServerSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ServerSecurity</span></a> <a href="https://mastodon.social/tags/CyberThreat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberThreat</span></a> <a href="https://mastodon.social/tags/SystemAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemAdmin</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Mitre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mitre</span></a> <a href="https://mastodon.social/tags/NIST" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NIST</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevOps</span></a> <a href="https://mastodon.social/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a></p>
Jan Wildeboer 😷:krulorange:<p>Did a `dnf update` yesterday on my <a href="https://social.wildeboer.net/tags/RHEL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RHEL</span></a> 9 machines and now sshd is updated with the fix against <a href="https://social.wildeboer.net/tags/RegreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RegreSSHion</span></a>.</p>
Edoardo Dusi<p>Here we are with a new episode of almost half an hour, with plenty of long explanations about two cybersecurity incidents that I think deserved a deeper look, so I figured you deserved the big dramatic episode too. </p><p>So if you want, here you get two things: a vulnerability found in OpenSSH called regreSSHion, and an attack on the JavaScript supply chain exploiting the Polyfill.io CDN.</p><p><a href="https://continuousdelivery.social/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a> <a href="https://continuousdelivery.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://continuousdelivery.social/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openssh</span></a> <a href="https://continuousdelivery.social/tags/polyfill" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>polyfill</span></a> <a href="https://continuousdelivery.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> </p><p><a href="https://youtu.be/HlFYAA9hAeg" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/HlFYAA9hAeg</span><span class="invisible"></span></a></p>
Nicd<p><span>Ironically after publishing the </span><a href="https://social.ahlcode.fi/tags/regreSSHion" rel="nofollow noopener noreferrer" target="_blank">#regreSSHion</a><span> vulnerability, it seems </span><a href="https://social.ahlcode.fi/tags/Qualys" rel="nofollow noopener noreferrer" target="_blank">#Qualys</a><span>'s own blog was compromised for a short while: </span><a href="https://borncity.com/win/2024/07/03/has-the-qualys-blog-been-hacked-july-2-2024/" rel="nofollow noopener noreferrer" target="_blank">https://borncity.com/win/2024/07/03/has-the-qualys-blog-been-hacked-july-2-2024/</a></p>
Elis H 🌱<p><span class="h-card" translate="no"><a href="https://graz.social/@publicvoit" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>publicvoit</span></a></span> Uh, yes? They have. <a href="https://nixpk.gs/pr-tracker.html?pr=323753" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nixpk.gs/pr-tracker.html?pr=32</span><span class="invisible">3753</span></a></p><p><a href="https://chaos.social/tags/nixos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nixos</span></a> <a href="https://chaos.social/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a> <a href="https://chaos.social/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openssh</span></a></p>
Karl Voit :emacs: :orgmode:<p>Not even <a href="https://graz.social/tags/NixOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NixOS</span></a> has a patched <a href="https://graz.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> version to mitigate <a href="https://graz.social/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a> yet. 😔 </p><p>OK, at least disabling sshd is very easy.</p><p>Edit/Correction: NixOS somehow decided not to change the version number for a patched OpenSSH version. So you can have 9.7p1 with the vulnerability and 9.7p1 without. 🤷 🤦‍♂️ </p><p><a href="https://github.com/NixOS/nixpkgs/pull/323761/files" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/NixOS/nixpkgs/pull/</span><span class="invisible">323761/files</span></a></p><p>So the usual "am I vulnerable?"-instructions to the CVE are useless with NixOS.</p>
Flatcar Container Linux 🚂<p>New Flatcar releases for all channels now available!<br>📦 Package update: OpenSSH<br>🔒 CVE fix: OpenSSH (CVE-2024-6387) (<a href="https://hachyderm.io/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a>)<br>📜 Release notes at the usual spot: <a href="https://www.flatcar.org/releases/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">flatcar.org/releases/</span><span class="invisible"></span></a></p>
uniq<p>We patched <a href="https://chaos.social/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a> at <a href="https://chaos.social/tags/FDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FDroid</span></a> yesterday. Hell of a backdoor, really makes one wonder what else is out there. 😓 </p><p><a href="https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.qualys.com/vulnerabilitie</span><span class="invisible">s-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server</span></a></p>
PrivacyDigest<p>“RegreSSHion” <a href="https://mas.to/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> in <a href="https://mas.to/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> gives attackers root on <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <br><a href="https://mas.to/tags/RegreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RegreSSHion</span></a></p><p><a href="https://arstechnica.com/?p=2035011" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=2035011</span><span class="invisible"></span></a></p>
Víctor A. Rodríguez :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>arstechnica</span></a></span> Some scripting to detect vulnerable <a href="https://techhub.social/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a> <a href="https://techhub.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> version and patch sshd config by LoginGraceTime</p><p>sed -i 's/.*LoginGraceTime.*/LoginGraceTime 0/' /etc/ssh/sshd_config </p><p><a href="https://gitlab.com/bit-man/os-mindset/-/raw/master/lib/debian/regreSSHion?ref_type=heads" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/bit-man/os-mindset/</span><span class="invisible">-/raw/master/lib/debian/regreSSHion?ref_type=heads</span></a></p>
Royce Williams<p>Question about the OpenSSH vuln: </p><p>Do all the attempts have to come from a single connection?</p><p>Or could attack be distributed across a fleet of source IPs (impacting effectiveness of fail2ban, etc.)</p><p><a href="https://infosec.exchange/tags/RegreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RegreSSHion</span></a> <a href="https://infosec.exchange/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSH</span></a> <a href="https://infosec.exchange/tags/cve_2024_6387" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve_2024_6387</span></a></p>
Larvitz :fedora: :redhat:<p>There isn't yet a patch for CVE-2024-6387 a.k.a. "regreSSHion" in RHEL9 but Red Hat suggests a mitigation by setting LoginGraceTime to 0 in sshd_config (source: <a href="https://access.redhat.com/security/cve/cve-2024-6387" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">access.redhat.com/security/cve</span><span class="invisible">/cve-2024-6387</span></a>)</p><p>I wrote a small Ansible playbook to do this on multiple systems in an automated way.</p><p>If someone has the same task, feel free to draw inspiration from here:</p><p><a href="https://gist.github.com/chofstede/67641b45f7b2379bab5832b70c0b8351" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/chofstede/6764</span><span class="invisible">1b45f7b2379bab5832b70c0b8351</span></a></p><p>It's tested and idempotent (can run multiple times with the same result) but no warranties. 
Use at your own risk.</p><p>And for other systems, I've made a playbook to patch openssh to the latest version: <a href="https://gist.github.com/chofstede/c076ededc4fbf0478740473542af98c3" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/chofstede/c076</span><span class="invisible">ededc4fbf0478740473542af98c3</span></a></p><p><a href="https://burningboard.net/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://burningboard.net/tags/regresshion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regresshion</span></a> <a href="https://burningboard.net/tags/cve20246387" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve20246387</span></a> <a href="https://burningboard.net/tags/ansible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ansible</span></a> <a href="https://burningboard.net/tags/rhel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rhel</span></a> <a href="https://burningboard.net/tags/redhat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redhat</span></a> <a href="https://burningboard.net/tags/mitigation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitigation</span></a> <a href="https://burningboard.net/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> <a href="https://burningboard.net/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openssh</span></a> <a href="https://burningboard.net/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
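<p>Added example, not part of any post in this feed: the mitigation named in the two posts above (setting LoginGraceTime to 0 in sshd_config) written as an idempotent shell function. It also covers a config where the directive is absent or only commented out, and it places the line before the first Match block, because a line appended after a Match block belongs to that block instead of the global section. The function names and the sample config are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: set LoginGraceTime in the *global* section of an sshd_config.
# Function names and the sample config below are constructed for illustration.

# set_login_grace_time FILE [VALUE]
#   Rewrites FILE so that exactly one active "LoginGraceTime VALUE" line
#   exists before the first Match block. Prints "changed" or "unchanged".
#   Returns non-zero on error.
set_login_grace_time() {
    cfg=$1
    val=${2:-0}
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    awk -v val="$val" '
        # The global section ends at the first Match line; emit the
        # directive just before it if it has not been emitted yet.
        !in_match && tolower($0) ~ /^[ \t]*match[ \t]/ {
            if (!done) { print "LoginGraceTime " val; done = 1 }
            in_match = 1
        }
        # Active directive in the global section ("Keyword value" or
        # "Keyword=value"): keep one normalized copy, drop any others.
        # Commented-out lines are left as they are.
        !in_match && tolower($0) ~ /^[ \t]*logingracetime([ \t=]|$)/ {
            if (!done) { print "LoginGraceTime " val; done = 1 }
            next
        }
        { print }
        # No Match block and no active directive: append at end of file.
        END { if (!done) print "LoginGraceTime " val }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    if cmp -s "$cfg" "$tmp"; then
        rm -f "$tmp"
        echo unchanged
    else
        # Overwrite in place so owner and mode of FILE are preserved.
        cat "$tmp" > "$cfg" && rm -f "$tmp" && echo changed
    fi
}

# effective_login_grace_time [FILE]
#   Prints the value sshd itself resolves for FILE, with Include files and
#   first-value-wins ordering applied. Needs an installed sshd and usually root.
effective_login_grace_time() {
    sshd -T -f "${1:-/etc/ssh/sshd_config}" 2>/dev/null |
        awk 'tolower($1) == "logingracetime" { print $2 }'
}

# demo: run the function on a constructed config in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sshd_config" <<'EOF'
# constructed sample, not a real host config
Port 22
#LoginGraceTime 2m
PermitRootLogin no
Match User backup
    ForceCommand /usr/bin/true
EOF
    set_login_grace_time "$d/sshd_config" 0
    cat "$d/sshd_config"
    rm -rf "$d"
}

# On a real host (as root), after editing: check syntax with
#   sshd -t -f /etc/ssh/sshd_config
# then confirm the resolved value with effective_login_grace_time and
# reload the SSH service.
if [ "${1:-}" = "--demo" ]; then demo; fi
```

<p>LoginGraceTime 0 removes the login timeout, so unauthenticated connections can occupy MaxStartups slots indefinitely; it is a stopgap until the patched package is installed.</p>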
Genma<p>A critical flaw in <a href="https://framapiaf.org/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openssh</span></a> called <a href="https://framapiaf.org/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a> </p><p>Me when I'm about to update my servers to patch... Who gets the reference?</p>
Adi'Vaala vas Miðgarðr 👨🏼‍💻<p><a href="https://swiss.social/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a> 🙃</p>