Fabian Bäumer
@skrillor.bsky.social
PhD Student @ruhr-uni-bochum.de | 🐢 Terrapin Attack | Interested in anything related to SSH and protocol security in general | Mastodon: @[email protected]
Reposted by Fabian Bäumer
ic0nz1.bsky.social
We found a new vulnerability in TLS. It's a variant of the ALPACA attack that bypasses current countermeasures. Relatively low impact - but great insight! Check it out: opossum-attack.com
skrillor.bsky.social
Mitigation:

To mitigate this issue, please update to the latest version of Erlang/OTP as soon as possible. As an immediate workaround, prevent access via appropriate firewall rules.
skrillor.bsky.social
We (@lambdafu.bsky.social & me) found a critical security vulnerability in the #Erlang/OTP SSH daemon that allows attackers to execute arbitrary code via network access on devices running Erlang/OTP SSH servers.

This vulnerability is #CVE-2025-32433, patches out now. Estimated CVSSv3 10.