Emerald@lemmy.world to linuxmemes@lemmy.world · 7 months agoDebian security amirite?lemmy.worldimagemessage-square60fedilinkarrow-up1970arrow-down115
arrow-up1955arrow-down1imageDebian security amirite?lemmy.worldEmerald@lemmy.world to linuxmemes@lemmy.world · 7 months agomessage-square60fedilink
minus-squareTangledHyphae@lemmy.worldlinkfedilinkarrow-up1·7 months agoI doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is. https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b The hooked RSA_public_decrypt verifies a signature on the server’s host key by a fixed Ed448 key, and then passes a payload to system(). It’s RCE, not auth bypass, and gated/unreplayable.
I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b