Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet - eviltoast
  • Strit@lemmy.linuxuserspace.show
    link
    fedilink
    arrow-up
    7
    ·
    2 months ago

    Could be quite a few different things.

    Could be the kernel itself, gnupg, openSSH or even bash.

    But we won’t know for sure, until it’s publically disclosed.

    • Laser@feddit.org
      link
      fedilink
      arrow-up
      7
      ·
      2 months ago

      Could be the kernel itself

      Wouldn’t make sense to me because the thread says GNU/Linux and others, though this could relate to Android or distros not using any GNU.

      gnupg

      Usually not exposed to the network though, but it’s generally a mess so wouldn’t be too surprising

      Another candidate I have in mind is ntpd, but again that is usually not easily accessible from outside and not used everywhere, as stuff like systemd-timesyncd exists.

      Just want to stress that I’m not sure about it being OpenSSH, it was more supposed to be a fun guess than a certain prediction