Security News

Please turn on your JavaScript for this page to function normally. FreeBSD provides sophisticated features in networking, performance, security, and compatibility.

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions."This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

Microsoft says Internet-exposed Linux and Internet of Things devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign. After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server.Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.

Telnet was remarkably simple and effective: instead of connecting physical wires to make a teletype connection to remote servers, you used a TELetype NETwork connection instead. Basically, the data that would usually flow back and forth over a dedicated serial connection or dial-up phone connection was sent and received over the internet, using a packet-switched TCP network connection instead of a circuit-switched point-to-point link. Sshd: fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1.