Emerald@lemmy.world to linuxmemes@lemmy.world · 8 months agoDebian security amirite?lemmy.worldimagemessage-square75fedilinkarrow-up11Karrow-down114
arrow-up1986arrow-down1imageDebian security amirite?lemmy.worldEmerald@lemmy.world to linuxmemes@lemmy.world · 8 months agomessage-square75fedilink
minus-squareTangledHyphae@lemmy.worldlinkfedilinkarrow-up1·8 months agoI doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is. https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b The hooked RSA_public_decrypt verifies a signature on the server’s host key by a fixed Ed448 key, and then passes a payload to system(). It’s RCE, not auth bypass, and gated/unreplayable.
I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b