Another Critical OpenSSH Vulnerability 

templeos is uneffected once again

“And it’s already got a cute nickname, so you knows it’s a serious bug” facts lol

A moment of silence for all the CIA, FBI and NSA employees who now have to put in longer hours over the summer days to find a new vulnerability😔

Oh boy, UEFI buffer overflow and now this

That's the kinda title you wanna see just minutes after starting sshd

My Debian machine is so old it's not affected 😂

Enough backdoors pls 😢🙏

Thank god, I keep my SSH endpoints behind Wireguard interfaces. Look like my paranoia is yet again paying off.

The fact it is a recidivist regression highly increases the suspicion it is being (re)added on purpose by some malicious agent/entity...

Ahahah I'm on vacation :)

"...and its already got a cute nickname, so you know this is a really serious bug" - lmao, yeah

I love burgerland

Friendship ended with SSH now Telnet is my best friend

i literally just set up openssh for a pihole yesterday you have got to be kidding me

Nice. Straight to the point, informative and a FAQ included. I love you.

This problem is with Unix signals, not with C. So I bet Rust wouldn't have prevented it, unless they implemented some special handling of Unix signals. Working with those signals is a nightmare.

Oh no, time to patch my personal as well as my companies servers ASAP! Thank you so much for the informative, straight-to-the-point videos that you make. You are a real saint for all the admins and devs out there. Greetings from Germany :D ~ Shinney

Hm. So that’s why openssh had an update an hour ago

One way to avoid this exploit is just to disable password authentication and login with certificates. This is the way in enterprise levels

Its so critical that nobody ever used this outside of a lab situation!!!!

In 2001 OpenBSD switched syslog to syslog-r, an async-signal-safer version of syslog, which SIGALRM calls, so you can get as far as SIGALRM, but it can't actually bonk syslog-r also thanks for telling me. This affects Ubuntu and many instances of Docker that are out right now. Btw this is going to end up unintentionally DDoSing people who use Windows and Putty

"the bugs are back" - dracula flow lol

I did not know about this. Thank you for posting this because I immediately logged into my servers and updated them.

who's laughing now, linux.

Boy am I glad I use telnet.

Thank you Mental (giant) Man. You RoCk (but don't let that go to your head)

Key-based authentication not affected. Phew!

A new backdoor well there are many already that are not known or malicius actors only know.

"July has just began... the birthday of burger land will soon be celebrated" I will clip that out of context

Although a serious bug because it can cause crashes, it is unlikely that someone will use this for RCE because a sysadmin will probably notice ~100 connections coming from the same source all timing out for 3 hours.

You got to be kitten me. Unorthodoxically

So have you tried Smite 2 is the real question, given the foreshadowing

There is something beautiful about controlling your entire software stack like OpenBSD does. Linux distros don't have such a privilege.

Thanks a lot. Just woke up and now patching my homelab

Jia Tan punching air right now.

That darn Malloc!!!!

Excellent video 👍 Thank you 💜🚀

algorithm. It is getting kind of funny how many of these stupid things are turning up. Thanks for the wonderful coverage.

Oh, good. Very nice. I love how I have Ubuntu for my thicc main rig and Arch for the play box I have. Very duberi.

Is OSX uneffected because it it BSD based and uses libc rather then glibc?

This would explain the update I got earlier. Nice to know my OpenBSD box is not affected.

Rust mentioned let's goooo

> As an example of the effect OpenBSD has, the popular OpenSSH software comes from OpenBSD.

Very first day of the repos being gone in CentOS 7 (due to EOL) and we get this big one. And I was thinking myself that was going to take at least a week before a severe vulnerability just deemed CentOS 7 EOL usage. I know EOL OS shouldn't be ran, but several Enterprise grade equipment still run it due to the lack of the companies that own the products to have updated it on a timely fashion, trust me, that happens a lot, several purposely build appliances actually still running CentOS 5 and 6 even.

finished the video and my package manager popped an update notification with 1 package - ssh - to be updated :D

seeing that drac flow clip made me smile :)

It's pretty crazy how insecure every computer in existence is.

Thank you for using a smite skin in this video 0:03

Apparently some people use Arch. Stonks.

Never have I been more happy to have used knockd in my life, got that 💩 on everything. Security through obscurity, and keeps those pesky robots at shodan in check.

Here's an interesting observation: I have a few systems that are on a "deprecated" version of Ubuntu. They missed both OpenSSH vulnerabilities, plus a few other recent ones, due to those bugs being introduced in more recent versions of that software than are available with that version of Ubuntu. I'll continue waiting for all the bugs to be shaken out of new versions of software before upgrading.

OpenSSH looks very complex, I wonder if it's about time to use something more simple, easier to audit. Forget SSH, embrace: `mkfifo x ; bash < x |& netcat -l -p 22 > x`

Thank you based black man for info about this. Running scans as we speak.

I have a terrible understanding of network stuff, but couldn't this theoretically affect iot and embedded stuff like smartfridges? I don't know whether they run 32bit Linux, but I think it's not out of the question right?

Thanks for the heads up, patched both my FreeBSD boxes that needed it

If its worth explaining in a video by you, I'm trying to look into what is RCS and what REALLY is RCS by september.

Again, the problem is GLibc, not OpenSSH.

Never entered "yay" as fast as today 💀 Thanks for telling us, seriously.

But openssh 4.4 is released in .... 2006? who is still using openssh 4.4???

Thanks for the update 🏴‍☠️

Talking about 32-bit. Really, never underestimate the amount of old hardware that is still up and running in various corporations and banks

Thank you. Systems patched and login grace time tweaked. You are a rod and staff among men.

Thanks mate had to log in to my comapany servers as soon as seeing this video

0 day dropping on Monday is a nice change of pace from dropping Friday afternoon lmao. Then again I'm not working in blue teaming anymore so not my headache lol. Real glad that I only have SSH open on my server locally, no outside access at all.

The version shipped with most enterprise distros is not vulnerable because it's too old

SSH more like SMH 🤦‍♂

But, who leaves enabled "login/pass" logon to sshd? Thats the first thing to disable, right after uploading your first rsa key...

Alpine musl stronk!

Another day that I’m thankful that I’m using alpine on my servers. And that I don’t have a public facing SSH port.

We really need to start writing provably correct architecture. Surely by now we have the knowledge and manpower, and with good use of AI hopefully a huge chunk of the proof generation can be automated.

Fuck, I have so much to fix and update!

You know how many SSH servers I've had directly connected to the internet.. since like 2010..? Zero. This is what VPNs are actually for, people!

So what versions are affected? To what minimal version do we need to update or revert? Or we are going to throw the just use Alpine or BSD ... or set some configs and pray for the next update to not overwrite it ...

Oh ssh-

Is arm/arm64 vulnerable?

Hey, what microphone do you use?

Thanks for the information

Shodan working overtime on this muuug

I got the notice for my Google VPS's today. I read over the notes and deleted the email and moved on with my day. I have more important issues to deal with than this edge case bullshit.

"please like and share to hack the algorithm" I liked that little titbit at the end 😂

TrueNAS just got their patch out today (July 3rd)

And its only Tuesday, great.

Love the Dracula flow reference

CIA and FBI at work again.

I help run a proxmox instance for some kinda fun stuff and the laptop that was running it got infected by this which caused us to not be able to access it. I didn't know how to fix it but someone else did in the group. There was a cryptominer installed into the rootfs (I'm just typing this before I actually watched the video so I don't know if you touch on that or not)

Looks like Jia Tan is back.

Don't you ship to south africa? Gauteng ?

Thank you

Don't allow ssh to be open to the public internet. Lock it down. Bind ssh to a private IP or only allow from a specific address/subnet. Then access over VPN.

every vulnerability of a pc or whatever tech, could just be avoided trough tough software and i mean u have to be dedicated to do that, so im a modder i work for myself and i will expose all software vulnerabilities and what u can physically mod from literally what tech i stumble upon so be prepared to see old hardware beat new hardware by squizing everything i can so the viewer if it will be an yt channel can even benefit from it,but even if my mind is thinking about doing 10 stuff at the time i will manage everything trough my passion for these type of stuff and learning

GG I can stop updating my packages. It's beautiful.

yesterday it was all about "yay, my old computer does BIOS, not UEFI". Today it's "sht, I use 32 bit with my old computer"

The bugs are back. I must dig them out with a screwdriver

I got seriously pissed off that I just setup my own SIEM and vulnerability tracker. You never know

The only part about this that makes me even slightly excited this is probably a vulnerability that affects PS4's. It'll be nice to not be tethered.

Just add a firewall for port 22

for systems that cant be shut down for the patch time can a manual patch be done? compile a copy of the daemon on another system set up just for this or in a vm and copy the file to new location and then use the unload and load command to swap out the files . make up some excuse like say a severe thunderstorm is in the area witch means lightning and they have to shut down due to storm. nasa will abort launches if there is lightning within a 50 mile radius.

Do a video on the NixOS drama!

I will tell you, async calling synchronous code sounds like a really silly bug you'd face using JS... I would have assumed the compiler would catch something as silly as this

So for us noobs who don't keep on top of things. If you're using an older Ubuntu version that is still vulnerable, don't upgrade your openSSH but apply the official patched version instead.