Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet - eviltoast
  • Laser@feddit.org
    link
    fedilink
    arrow-up
    7
    ·
    2 months ago

    Could be the kernel itself

    Wouldn’t make sense to me because the thread says GNU/Linux and others, though this could relate to Android or distros not using any GNU.

    gnupg

    Usually not exposed to the network though, but it’s generally a mess so wouldn’t be too surprising

    Another candidate I have in mind is ntpd, but again that is usually not easily accessible from outside and not used everywhere, as stuff like systemd-timesyncd exists.

    Just want to stress that I’m not sure about it being OpenSSH, it was more supposed to be a fun guess than a certain prediction