
Comment on the news item Dangerous OpenSSH vulnerability on Linux with glibc: regreSSHion by Fík - Maybe others too, but Qualys did not study them. OpenBSD...

  • 1. 7. 2024 16:29

    Fík
    Gold supporter

    Maybe others too, but Qualys did not study them. OpenBSD is not vulnerable.

    "This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges. We have not investigated any other libc or operating system; but OpenBSD is notably not vulnerable, because its SIGALRM handler calls syslog_r(), an async-signal-safer version of syslog() that was invented by OpenBSD in 2001."
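The quoted passage hinges on one rule: a signal handler may only call functions POSIX lists as async-signal-safe, and glibc's syslog() is not one of them because it can call malloc()/free(). The following is an added C example, not code from the comment, from Qualys, or from OpenSSH, that puts the two patterns side by side: a SIGALRM handler that calls syslog() (the shape the advisory describes, shown only for contrast and never installed) and a handler that merely sets a sig_atomic_t flag and writes one byte to a self-pipe, deferring all logging to the main loop. The function names, the self-pipe and the use of raise() to deliver the signal synchronously are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Constructed example: async-signal-safe vs. unsafe SIGALRM handling.
   Only flag writes and write(2) happen inside the safe handler; syslog()
   and printf() are deferred to main context where they are legal. */

static volatile sig_atomic_t g_alarm_fired = 0;
static int g_selfpipe[2] = { -1, -1 };

/* UNSAFE pattern, kept for contrast and never installed here: syslog() is
   not async-signal-safe, so if SIGALRM arrives while the main program is
   inside malloc()/free(), the handler re-enters the allocator. */
void unsafe_alarm_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "timeout");   /* may call malloc()/free(): undefined behaviour */
}

/* SAFE pattern: record the event using only async-signal-safe operations. */
static void safe_alarm_handler(int sig)
{
    int saved_errno = errno;               /* write() may clobber errno */
    unsigned char b = (unsigned char)sig;
    g_alarm_fired = 1;                     /* sig_atomic_t store is safe */
    if (g_selfpipe[1] != -1)
        (void)write(g_selfpipe[1], &b, 1); /* write() is async-signal-safe */
    errno = saved_errno;
}

/* Create the self-pipe (non-blocking so a full pipe cannot stall the
   handler) and install the safe handler for SIGALRM. Returns 0 on success. */
int install_safe_alarm_handler(void)
{
    struct sigaction sa;
    if (g_selfpipe[0] == -1 && pipe(g_selfpipe) != 0)
        return -1;
    for (int i = 0; i < 2; i++) {
        int fl = fcntl(g_selfpipe[i], F_GETFL);
        if (fl == -1 || fcntl(g_selfpipe[i], F_SETFL, fl | O_NONBLOCK) == -1)
            return -1;
    }
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGALRM, &sa, NULL);
}

/* Called from the main loop, outside signal context. Drains queued events
   and returns how many were handled; this is where logging belongs. */
int drain_alarm_events(void)
{
    unsigned char b;
    int n = 0;
    if (g_selfpipe[0] == -1)
        return -1;
    while (read(g_selfpipe[0], &b, 1) == 1) {
        n++;
        /* Safe here: we are not inside a signal handler. */
        printf("SIGALRM (signal %d) handled in main context\n", (int)b);
    }
    return n;
}

int alarm_fired(void) { return (int)g_alarm_fired; }
void reset_alarm(void) { g_alarm_fired = 0; }

int main(void)
{
    if (install_safe_alarm_handler() != 0) { perror("install"); return 1; }
    raise(SIGALRM);   /* deliver synchronously instead of waiting on alarm() */
    printf("flag=%d events=%d\n", alarm_fired(), drain_alarm_events());
    return 0;
}
```

The design choice to note is that the handler does no work of its own: the flag and the pipe byte are the only state it touches, and the expensive, lock-taking calls (syslog, printf, anything that allocates) run later from ordinary code. OpenBSD's syslog_r() is a different answer to the same problem, a logging routine written so that it can be called from a handler; the self-pipe approach is portable to any libc.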