bugzilla-daemon at mindrot.org
2024-Jan-13 06:49 UTC
[Bug 3656] New: How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 Bug ID: 3656 Summary: How to fix row hammer attacks? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: rmsh1216 at 163.com A new vulnerability (CVE-2023-51767) in openssh has been published, but there seems to be no fix yet. NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51767 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Jan-16 07:32 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- This attack was not demonstrated against stock OpenSSH, but instead against a modified sshd that had extra synchronisation added to make the attack easier. AFAIK achieving the timing required to successfully exploit is close to impossible in the real world. See section 9 of their paper https://arxiv.org/pdf/2309.02545.pdf They don't mention it, but any kind of ASLR would increase the difficulty of attack by several orders of magnitude. Nobody has demonstrated this attack against a configuration remotely approximating real-world conditions. We consider rowhammer mitigation to the job of the platform, not userspace software. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-06 02:42 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 renmingshuai <rmsh1216 at 163.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-May-14 18:23 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 Clint.Clayton at dell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Clint.Clayton at dell.com --- Comment #2 from Clint.Clayton at dell.com --- This bug was set to resolved / fixed. Was there a fix committed to the git repository? I couldn't find one in https://anongit.mindrot.org/openssh.git/log -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-14 23:16 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 --- Comment #3 from Damien Miller <djm at mindrot.org> --- No, see comment 1 here -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-May-15 01:57 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 renmingshuai <rmsh1216 at 163.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-15 01:58 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 renmingshuai <rmsh1216 at 163.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |WONTFIX -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-Dec-02 01:24 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 bitianyuan <bty at mail.ustc.edu.cn> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bty at mail.ustc.edu.cn --- Comment #4 from bitianyuan <bty at mail.ustc.edu.cn> --- Hello, has this bug been fixed? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Dec-02 07:46 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656 --- Comment #5 from Damien Miller <djm at mindrot.org> --- See comment 1 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Seemingly Similar Threads
- [Bug 3531] New: Ssh will not exit when it receives SIGTERM before calling poll in client_wait_until_can_do_something until some events happen.
- [Bug 3693] New: Is SFTP local command execution implemented based on an RFC protocol?
- [Bug 3526] New: Config option AddressFamily has no effect?
- [Bug 3587] New: Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?
- [Bug 3597] New: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?