Okay it's gotta be one of you lot here on infosec.exchange. Who _is_ it at Qualys that does all these beautiful classic unix hax?!

This is just such chef-kiss work, as is the write-up t-file, and it just warms my heart. I don't know who you are but I LOVE YOU.

(also <3 @djm )

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

@metlstorm yeah, I've been wondering the same thing too. Their work is first-rate and they are an absolute pleasure to deal with...

@djm @metlstorm They've been pumping out amazing vulns for years now. I wondered the same thing I think after the Exim RCE? Or something else maybe. Anyway when asking around I was told "they wish to remain anonymous but they're very legit and have been around the scene for a while". Which I think we can tell by reading their write-ups, they do have a bit of an old school feel which is maybe part of what I enjoy beyond just being epic finds.

Whoever you are.... Hats off.