Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd’s privileged code, which is not sandboxed and runs with full privileges.
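The bug class described above, next to the usual fix, as an added example that is not part of the original post or of sshd's code. SIGALRM, the function names and the log strings are assumptions chosen for illustration: the handler only records that the signal arrived, and syslog() runs later in normal context.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* The only object a handler may portably write: a volatile sig_atomic_t. */
static volatile sig_atomic_t timeout_pending = 0;

/* UNSAFE, shown for contrast and never installed: syslog() is not
 * async-signal-safe. On glibc it may call malloc()/free(), so if the signal
 * interrupts the main code inside the allocator, the handler re-enters it
 * while the heap is in an inconsistent state. */
void unsafe_alarm_handler(int sig) {
    (void)sig;
    syslog(LOG_INFO, "timeout (constructed message)");
    _exit(1);
}

/* SAFE: no library calls at all, only a flag store. */
static void safe_alarm_handler(int sig) {
    (void)sig;
    timeout_pending = 1;
}

/* Install the safe handler for SIGALRM; returns 0 on success. */
int install_safe_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGALRM, &sa, NULL);
}

/* Called from the main loop, i.e. outside signal context, where syslog()
 * is fine. Returns 1 if a pending timeout was logged, 0 otherwise. */
int handle_pending_timeout(void) {
    if (!timeout_pending) return 0;
    timeout_pending = 0;
    syslog(LOG_INFO, "timeout, logged outside the handler (constructed)");
    return 1;
}

int main(void) {
    if (install_safe_handler() != 0) return 1;
    raise(SIGALRM); /* handler runs here and only sets the flag */
    printf("handled=%d\n", handle_pending_timeout());
    return 0;
}
```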

  • refalo
    5 months ago

    Seems to work fine in C, and I can find quite a few examples of it being used, actually.