26 February 2024 Very large OpenSSH vulnerability (02/26/2024)

Hello,

Very bad news today: a major security alert has been published with a CVSS score of 9.8. As a reminder, CVSS (Common Vulnerability Scoring System) is a system used to calculate a score assessing the criticality of a vulnerability. The scale ranges from 0, virtually zero risk, to 10, critical risk.

This critical flaw is in the open source tool OpenSSH. It could allow a remote attacker to execute arbitrary commands on the system because shell metacharacters are not validated correctly.

By sending a specially crafted request using expansion tokens, an attacker could exploit this vulnerability to execute arbitrary commands on the system. This flaw is very dangerous, and gayte.it strongly advises you to apply the following PTF patch, which can be found here: https://lnkd.in/gcWY2V5m
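A defensive check for the weakness described above, as an added example that is not from the original post or from OpenSSH: it lists the `ssh_config` directives that are run through the user's shell and expand host or user name tokens, and applies an allowlist to such names. It assumes the "expansion tokens" are `ssh_config` percent tokens such as `%h`, `%n` and `%r`; the allowlist, function names and sample configuration are constructed for illustration.

```python
import re

# ssh_config keywords whose argument is run through the user's shell.
SHELL_KEYWORDS = {"proxycommand", "localcommand"}
# Percent tokens expanded from names: %h host, %n host as typed, %r remote user.
NAME_TOKENS = re.compile(r"%[hnr]")
# Conservative allowlist for names (an assumption of this example, not OpenSSH's rule).
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._:-]*")

def is_safe_name(name):
    """True if a host or user name holds no character a shell would interpret."""
    return SAFE_NAME.fullmatch(name) is not None

def audit_ssh_config(text):
    """Return (line_number, keyword, tokens) for shell-run directives, including
    'Match exec', whose command expands a host or user name token."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A keyword is separated from its argument by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, argument = parts[0].lower(), parts[1]
        if keyword == "match":
            found = re.search(r"\bexec\s+(.*)", argument, re.IGNORECASE)
            if not found:
                continue
            keyword, argument = "match exec", found.group(1)
        elif keyword not in SHELL_KEYWORDS:
            continue
        # "%%" is a literal percent sign, so drop it before looking for tokens.
        tokens = sorted(set(NAME_TOKENS.findall(argument.replace("%%", ""))))
        if tokens:
            findings.append((number, keyword, tokens))
    return findings

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """\
Host *.internal.example
    ProxyCommand nc -X connect -x proxy.example:3128 %h %p
Host bastion
    ProxyJump jump.example
    LocalCommand=logger "connected as %r"
Match exec "test -f /tmp/vpn-%n"
"""

if __name__ == "__main__":
    for number, keyword, tokens in audit_ssh_config(SAMPLE_CONFIG):
        print(f"line {number}: {keyword} expands {', '.join(tokens)} in a shell command")
```

A finding is a place to review, not proof of exposure: whether a flagged line is reachable depends on the installed OpenSSH version and on who controls the host or user name.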
