Richard@lemmy.world to

Linux@lemmy.worldEnglish · 4 months ago

CVE-2024-6387 OpenSSH Server Authentication Bypass

2

26

CVE-2024-6387 OpenSSH Server Authentication Bypass

Richard@lemmy.world to

Linux@lemmy.worldEnglish · 4 months ago

2

CVE - CVE-2024-6387

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

A signal handler race condition was found in OpenSSH’s server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

You must log in or register to comment.

Chat

catloaf@lemm.ee
link
fedilink
English
arrow-up
3
arrow-down
1·
4 months ago
I’m not familiar with this exploit vector. How does this bypass authentication? What’s the race you’re trying to win when the prompt times out?
- Mellow@lemmy.world
  link
  fedilink
  English
  arrow-up
  1
  arrow-down
  1·
  4 months ago
  deleted by creator
lambalicious@lemmy.sdf.org
link
fedilink
English
arrow-up
1·
4 months ago
And this is the reason I run infra on Debian Stable, or Oldstable, rather than eg.: Sid.

Linux@lemmy.world

linux@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@lemmy.world

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you’re a seasoned Linux enthusiast or just starting your journey, we’re excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let’s dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

3 users / day
353 users / week
1.43K users / month
4.26K users / 6 months
1 local subscriber
8.03K subscribers
577 Posts
4.31K Comments
Modlog

mods:
MigratingtoLemmy@lemmy.world