Emerald@lemmy.world to linuxmemes@lemmy.world · 9 months agoDebian security amirite?lemmy.worldimagemessage-square75fedilinkarrow-up1999arrow-down116
arrow-up1983arrow-down1imageDebian security amirite?lemmy.worldEmerald@lemmy.world to linuxmemes@lemmy.world · 9 months agomessage-square75fedilink
minus-squareTangledHyphae@lemmy.worldlinkfedilinkarrow-up1·9 months agoI doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is. https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b The hooked RSA_public_decrypt verifies a signature on the server’s host key by a fixed Ed448 key, and then passes a payload to system(). It’s RCE, not auth bypass, and gated/unreplayable.
I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.
https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b