bugzilla-daemon at mindrot.org
2024-Jan-13 06:49 UTC
[Bug 3656] New: How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656

Bug ID: 3656
Summary: How to fix row hammer attacks?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com

A new vulnerability (CVE-2023-51767) in openssh has been published, but there seems to be no fix yet.

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51767

--
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org
2024-Jan-16 07:32 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656

Damien Miller <djm at mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This attack was not demonstrated against stock OpenSSH, but instead against a modified sshd that had extra synchronisation added to make the attack easier.

AFAIK achieving the timing required to successfully exploit is close to impossible in the real world. See section 9 of their paper https://arxiv.org/pdf/2309.02545.pdf

They don't mention it, but any kind of ASLR would increase the difficulty of attack by several orders of magnitude. Nobody has demonstrated this attack against a configuration remotely approximating real-world conditions.

We consider rowhammer mitigation to be the job of the platform, not userspace software.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org
2024-May-06 02:42 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656

renmingshuai <rmsh1216 at 163.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution |--- |FIXED
Status |NEW |RESOLVED

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.