Vulnerability

Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

Posted by Jordy Zomer on Feb 27Hey all, First of all, cool findings! I've been working on the CodeQL query and have a revised version that I think improves accuracy and might offer some performance gains (though I haven't done rigorous benchmarking). The key change is the use of `StackVariableReachability` and making sure that there's a path wher e `var` is not reassigned before taking a `goto _;`. Ran it on an older database, found some of the same bugs...

ThreatWatcherThreatWatcher
Feb 28, 2025 - 01:30
 0  5
Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

Posted by Jordy Zomer on Feb 27Hey all,

First of all, cool findings! I've been working on the CodeQL query and have a revised version that I think improves
accuracy and might offer some performance gains (though I haven't done rigorous benchmarking). The key change is the
use of `StackVariableReachability` and making sure that there's a path wher e `var` is not reassigned before taking a
`goto _;`. Ran it on an older database, found some of the same bugs...

Read More on SecLists

Tags:

Previous Article

SEC Consult SA-20250226-0 :: Multiple vulnerabilities in Siemens A8000 CP-8050 &...

Next Article

Privacy tech firms warn France’s encryption and VPN laws threaten privacy

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

ThreatWatcher
ThreatWatcher

Related Posts

[webapps] Jasmin Ransomware - Arbitrary File Download (Authenticated)

[webapps] Jasmin Ransomware - Arbitrary File Download (...

ThreatWatcher Apr 8, 2025  0  4

SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG - vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)

SEC Consult SA-20241024-0 :: Unauthenticated Path Trave...

ThreatWatcher Oct 25, 2024  0  8

Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3

Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injectio...

ThreatWatcher Feb 21, 2025  0  7