• d3Xt3r@lemmy.nzM
    link
    fedilink
    arrow-up
    1
    ·
    2 年前

    This is informative, but unfortunately it doesn’t explain how the actual payload works - how does it compromise SSH exactly?

      • d3Xt3r@lemmy.nzM
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 年前

        From what I’ve heard so far, it’s NOT an authentication bypass, but a gated remote code execution.

        There’s some discussion on that here: https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b

        But it would be nice to have a similar digram like OP’s to understand how exactly it does the RCE and implements the SSH backdoor. If we understand how, maybe we can take measures to prevent similar exploits in the future.