Clov3r


catball
@catball

tl;dr: >=9.8p1 safe

do sshd -V on your server to check version

close your external-facing ports / disable sshd if you don't have a patch

if you need to keep those ports open for some reason, mitigate by setting LoginGraceTime = 0 in /etc/ssh/sshd_config, but note it will open you up to DoS attacks; be sure you're also running something like fail2ban to help mitigate DoS risk

OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.

Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.

The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.

OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
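
The version ranges and the LoginGraceTime check described in the post above, as an added example that is not part of the original post. Function names and sample hosts are constructed for illustration, and the comparison assumes only the upstream major.minor version matters.

```python
import re

# Boundaries exactly as the post states them (upstream major.minor only).
# A distro package may carry a backported fix under an older version string,
# so treat "vulnerable" as "check the vendor advisory", not as proof.
FIXED, REGRESSED, FIRST_FIX = (9, 8), (8, 5), (4, 4)
ZERO_TIME = re.compile(r"(0+[smhdw]?)+", re.I)  # "0", "0s", "0m", ...

def parse_version(text):
    """Pull (major, minor) out of `sshd -V` output or an SSH banner."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no OpenSSH version found in {text!r}")
    return int(m.group(1)), int(m.group(2))

def classify(text):
    v = parse_version(text)
    if v >= FIXED:
        return "safe"
    if v >= REGRESSED:
        return "vulnerable"
    if v >= FIRST_FIX:
        return "not vulnerable"
    return "vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109"

def login_grace_time(config_text):
    """First LoginGraceTime value in sshd_config text (sshd uses the first
    value it sees), or None if unset. Accepts 'LoginGraceTime 0' and the
    'LoginGraceTime = 0' form; `sshd -T` output also parses."""
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return parts[1].strip().strip('"')
    return None

def assess(version_text, config_text):
    """Return (status, grace_disabled) for one host."""
    grace = login_grace_time(config_text)
    return classify(version_text), bool(grace and ZERO_TIME.fullmatch(grace))

# Constructed sample inputs, not taken from any real host.
SAMPLE_HOSTS = {
    "web1": ("OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13", "LoginGraceTime = 0\n"),
    "db1": ("OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n", "#LoginGraceTime 2m\n"),
    "bastion": ("OpenSSH_9.8p1, OpenSSL 3.3.1", "Port 22\nLoginGraceTime 30\n"),
}

if __name__ == "__main__":
    for host, (ver, cfg) in SAMPLE_HOSTS.items():
        print(host, *assess(ver, cfg))
```

Feeding `sshd -T` output to `login_grace_time` instead of the raw file gives the effective value after any Include files are resolved.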

