Old Security Issues

Not all notifications are available in English. Please refer to the German version of our website for further details. Notifications, in German

State		Description
23.10.2025 15:33		Phishing "Dringende Maßnahmen erforderlich"	Detailsadd
Phishing "Dringende Maßnahmen erforderlich" Phishing mails with the subject "Dringende Maßnahmen erforderlich" are currently in circulation. Please ignore and delete these emails. Last change: 23.10.2025 15:33
22.05.2025 10:15		Phishing "Are you in the lab?"	Detailsadd
Phishing "Are you in the lab?" Phishing mails with the subject "Are you in the lab?" are currently in circulation. Please ignore and delete these emails. Last change: 22.05.2025 10:15
09.04.2025 12:34		Phishing "Dringende Aufgabe "	Detailsadd
Phishing "Dringende Aufgabe " Phishing mails with the subject "Dringende Aufgabe" are currently in circulation. Please ignore and delete these emails. Last change: 09.04.2025 12:34
01.07.2024 17:54		[SA] Critical Remote Exploitable Vulnerability in OpenSSH – CVE-2024-6387	Detailsadd
[SA] Critical Remote Exploitable Vulnerability in OpenSSH – CVE-2024-6387 [SA] Critical Remote Exploitable Vulnerability in OpenSSH – CVE-2024-6387 Overview OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. Affected platforms and versions RCE in OpenSSH's server, on glibc-based Linux systems: • OpenSSH < 4.4p1 is vulnerable to this signal handler race condition, if not backport-patched against CVE-2006-5051, or not patched against CVE-2008-4109, which was an incorrect fix for CVE-2006-5051; • 8.5p1 <= OpenSSH < 9.8p1 is vulnerable again to this signal handler race condition (because the "#ifdef DO_LOG_SAFE_IN_SIGHAND" was accidentally removed from sigdie()). Impact • The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. Advisory 1. Patch Management: Quickly apply available patches for OpenSSH and prioritize ongoing update processes. 2. Enhanced Access Control: Limit SSH access through network-based controls to minimize the attack risks. 3. Network Segmentation and Intrusion Detection: Divide networks to restrict unauthorized access and lateral movements within critical environments and deploy systems to monitor and alert on unusual activities indicative of exploitation attempts. References • https://www.openssh.com/txt/release-9.8 • https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.h[..] Last change: 08.07.2024 17:50