Mailing List ecs-isp@2rosenthals.com Archived Message #671 previous message next message back to list

From: "Lewis Rosenthal" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [eCS-ISP] "A vulnerability has been discovered in glibc"
Date: Mon, 12 Feb 2024 18:27:22 -0500
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Apologies for the top post...

Assuming an attacker could get in behind the firewall, the defect allows the attacker to obtain elevated privs. OS/2 is a rooted OS anyway, so priva for everyone are already elevated.

For those of us running OS/2, this appears to be much ado about nothing.

Watch for a blog post from Arca Noae about this in the near future.

On February 12, 2024 6:14:45 PM EST, Peter Moylan <ecs-isp@2rosenthals.com> wrote:
>On 13/02/24 09:40, Massimo S. wrote:
>> Hi all,
>>
>> this could be a risk for our systems?
>>
>> thanks
>>
>> https://www.kaspersky.com/blog/cve-2023-6246-glibc-vulnerability/50369/?reseller=sea_regular-sm_acq_ona_smm__onl_b2b_twi_lnk_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=apac_regular-sm_ab0218&utm_content=link&utm_term=apac_twitter_organic_sfvpg2189o8cjup
>>
>> short url:
>>
>> https://is.gd/LKBxIt
>>
>> massimo
>>
>>
>
>The attacker must first have access to your system. Thus, you should be safe unless you're allowing remote users to log in using something like SSH.
>
>I can confirm that my SFTPD does not use glibc.
>

--
Lewis
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster