oss-sec mailing list archives

xz backdoor prevention using hosts.deny?


From: Nick Sal <specialroumpa () proton me>
Date: Wed, 03 Apr 2024 03:31:15 +0000

Hi,

Assume we filter SSH access only to a public domain subnet using the files hosts.{deny,allow} as seen below.
Would this prevent an attack if a malicious payload was *not* sent from the allowed subnet?
Trying to figure out if an attack like this was still possible, for the few days in March the backdoor was active and undetected in rolling distros (e.g. Debian testing).

/etc/hosts.deny:  sshd: ALL
/etc/hosts.allow: sshd: "a_subnet"

Moreover, allowing only public-key authentication for SSH does not help, isn't this right?

Regards,
Nick
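The hosts.allow/hosts.deny filter asked about above decides who reaches sshd at all, before any SSH handshake. The following added example (not part of the original post) evaluates a client address against constructed copies of the two files, following the libwrap order from hosts_access(5): a hosts.allow match admits, then a hosts.deny match refuses, otherwise the connection is admitted. It assumes "a_subnet" is the hypothetical CIDR 192.0.2.0/24, covers only a subset of the client-pattern syntax (ALL, CIDR, net/mask, dotted prefix, exact address), and assumes the sshd in use is built with libwrap at all (upstream OpenSSH dropped tcp_wrappers support in 6.7, so distribution builds differ).

```python
import ipaddress

# Constructed stand-ins for the two files from the post; the real ones live in /etc.
# "a_subnet" is replaced by a hypothetical documentation range.
HOSTS_ALLOW = "sshd: 192.0.2.0/24\n"
HOSTS_DENY = "sshd: ALL\n"


def parse_rules(text):
    """Return (daemon_list, client_list) tuples for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            continue                            # malformed line, ignored like libwrap does
        daemons = [d.strip() for d in parts[0].split(",")]
        clients = [c.strip() for c in parts[1].split(",")]
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, addr):
    """Subset of hosts_access(5) client patterns: ALL, CIDR, net/mask, dotted prefix."""
    if pattern == "ALL":
        return True
    ip = ipaddress.ip_address(addr)
    if "/" in pattern:                          # "192.0.2.0/24" or "192.0.2.0/255.255.255.0"
        net, mask = pattern.split("/", 1)
        try:
            return ip in ipaddress.ip_network(f"{net}/{mask}", strict=False)
        except ValueError:
            return False
    if pattern.endswith("."):                   # "192.0.2." matches 192.0.2.x
        return addr.startswith(pattern)
    return addr == pattern                      # exact address


def hosts_access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if libwrap would hand the connection to `daemon`, False if it is refused."""
    for rules, verdict in ((parse_rules(allow), True), (parse_rules(deny), False)):
        for daemons, clients in rules:
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(c, addr) for c in clients):
                return verdict                  # first matching rule wins
    return True                                 # no rule matched: access granted
```

With the sample files, a client outside 192.0.2.0/24 never gets past the wrapper check for sshd, while the same client is still admitted to any daemon the deny line does not name.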
