oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems

From: Qualys Security Advisory <qsa () qualys com>
Date: Wed, 3 Jul 2024 11:26:54 +0000
Hi all,

Many people have asked us about an alleged proof of concept named
"7etsuo-regreSSHion.c": it is not a proof of concept, it is essentially
empty code (it might even be dangerous to compile and execute, we have
not checked). It is not just the shellcode that is missing, everything
else is missing too: the key-exchange code does nothing, the public-key
code does nothing useful, etc etc.

It looks great but it does nothing. A working proof of concept for this
vulnerability will be much longer and complex, and will take much more
time to write than this.

Thank you very much! With best regards,

-- 
the Qualys Security Advisory team
Previous By Date Next
Previous By Thread Next

Current thread: