The official website SK

The gov.sk domain is official

This is the official website of the public authority of the Slovak Republic. Official websites mainly use the gov.sk domain. Links to individual websites of public authorities can be found at this link.

This page is secured

Be careful and always make sure that you share information only through the secure website of the Slovak public administration. A secure page always starts with https:// before the domain name of the website.

Warning of OpenSSH vulnerability

The National Cyber Security Centre SK-CERT warns of a vulnerability in OpenSSH that could be exploited by remote unauthenticated attackers for remote code execution (RCE) or denial of service (DoS).

OpenSSH is a popular tool used for secure communication, remote access or secure data transfer. It is an open-source implementation of the Secure Shell (SSH) communications protocol and is most often used on servers with Linux, BSD operating systems as well as on various devices such as Wi-Fi routers, IP phones and more.

The vulnerability is tracked as CVE-2023-25136. It is a double-free vulnerability. Exploiting this type of vulnerability for a denial of service is trivial, but today a proof-of-concept is available on how to exploit this vulnerability for much more dangerous remote code execution.

The critical vulnerability CVE-2023-25136 was assigned a CVSS score of 9.8.

Versions affected by this vulnerability:

  • OpenSSH v. 9.1 and earlier

Regarding the mentioned vulnerability, the National Cyber Security Centre SK-CERT recommends the following to all users who use the vulnerable version of OpenSSH:

  • immediately update the vulnerable version to the latest version,
  • in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].

Sources


« Späť na zoznam