A critical remote code execution (RCE) vulnerability in OpenSSH 8.0-9.6 has been disclosed, with a CVSS score of 9.8. Attackers can execute arbitrary code without authentication. The flaw is in signature verification during key exchange.
All admins should upgrade to OpenSSH 9.7+. If you cannot upgrade, disable password auth and use key-only auth as a mitigation. Cloud providers have released patches.
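A host check for the two actions above, added here as an example (not code from the advisory or from the OpenSSH project): it classifies a version banner against the 8.0-9.6 range and flags effective `sshd -T` settings that break key-only auth. The function names and the `--local` switch are assumptions of this example, and the keyboard-interactive check goes slightly beyond the text, since that method can also accept passwords.

```shell
#!/bin/sh
# Added example: audit helpers for the advisory's stated range (8.0-9.6)
# and its key-only mitigation. All names here are hypothetical.

# Return 0 if the banner's upstream version is in 8.0..9.6, 1 if outside,
# 2 if no OpenSSH version can be parsed. Distro packages may backport fixes
# without changing this number, so treat 0 as "confirm with the vendor".
openssh_version_affected() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -eq 8 ]; then return 0; fi
    if [ "$major" -eq 9 ] && [ "$minor" -le 6 ]; then return 0; fi
    return 1
}

# Read `sshd -T` style output (lowercase "key value" lines) on stdin and
# print every setting that breaks key-only auth. Returns 0 when key-only.
key_only_findings() {
    awk '
        $1 == "passwordauthentication" && $2 == "yes" {
            print "password auth enabled"; bad = 1 }
        ($1 == "kbdinteractiveauthentication" ||
         $1 == "challengeresponseauthentication") && $2 == "yes" {
            print "keyboard-interactive auth enabled"; bad = 1 }
        $1 == "pubkeyauthentication" && $2 == "no" {
            print "public-key auth disabled"; bad = 1 }
        END { exit bad + 0 }
    '
}

# Check the local host: `ssh -V` prints its banner on stderr, and
# `sshd -T` (run as root) prints the effective server configuration.
audit_local() {
    banner=$(ssh -V 2>&1)
    if openssh_version_affected "$banner"; then
        echo "upstream version in affected range: $banner"
    fi
    sshd -T 2>/dev/null | key_only_findings
}

if [ "${1:-}" = "--local" ]; then audit_local; fi
```

Run it with `--local` as root on each server; a clean result from `key_only_findings` confirms only that the mitigation is in place, not that the host is patched.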