Moritz Mühlenhoff <j...@inutil.org> writes:
> Russ Allbery <r...@debian.org> wrote:

>> I think this question can only be answered with reverse-engineering of
>> the backdoors, and I personally don't have the skills to do that.

> In the pre-disclosure discussion permission was asked to share the
> payload with a company specialising in such reverse engineering. If that
> went through, I'd expect results to be publicly available in the next
> days.

Excellent, thank you.

For those who didn't read the analysis on oss-security yet, note that the
initial investigation of the injected exploit indicates that it
deactivates itself if argv[0] is not /usr/sbin/sshd, so there are good
reasons to believe that the problem is bounded to testing or unstable
systems running the OpenSSH server.

If true, this is a huge limiting factor and in many ways quite relieving
compared to what could have happened. But the stakes are high enough that
hopefully we'll get detailed confirmation from people with expertise in
understanding this sort of thing.

-- 
Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>