CVE-2024-6387 OpenSSH Server Authentication Bypass ( cve.mitre.org )

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

catloaf , 2 days ago

I'm not familiar with this exploit vector. How does this bypass authentication? What's the race you're trying to win when the prompt times out?

Reply

Report

Activity

Open original URL

Copy original URL

Copy Mbin URL

Loading...

/m/linux@lemmy.world

Threads (239)

Microblog (1)

People

Magazines

Thread

ricdeh

@ricdeh@lemmy.world

Added: 2 days ago
Views: 2
Ratio: 0

Magazine

Linux

@linux@lemmy.world

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you’re a seasoned Linux enthusiast or just starting your journey, we’re excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let’s dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.

Created: 5 months ago
Subscribers: 7272

Moderators

Active people

mbin.grits.dev

Powered by Mbin
●
1.4.1
●
Report issue