• @[email protected]
    link
    fedilink
    English
    21 month ago

    It’s kind of an iffy assertion. That’s maybe the number of files it scans looking for misconfigurations it can exploit, but I’d bet there’s a lot of overlap in the potential contents of those files (either because of cascading configurations, or because they’re looking for the same file in slightly different places to mitigate distro differences). So the number of possible exploits is likely far fewer.

    • @[email protected]
      link
      fedilink
      English
      1
      edit-2
      1 month ago

      maybe the number of files it scans looking for misconfigurations

      So how did it get into the system to be able to scan configuration files?

      • @[email protected]
        link
        fedilink
        English
        41 month ago

        Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It’s possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.