• nyan@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    It’s kind of an iffy assertion. That’s maybe the number of files it scans looking for misconfigurations it can exploit, but I’d bet there’s a lot of overlap in the potential contents of those files (either because of cascading configurations, or because they’re looking for the same file in slightly different places to mitigate distro differences). So the number of possible exploits is likely far fewer.

    • Buffalox@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 months ago

      maybe the number of files it scans looking for misconfigurations

      So how did it get into the system to be able to scan configuration files?

      • nyan@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        4
        ·
        2 months ago

        Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It’s possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.