dethos on Nostr: "...discovered a vulnerability (a signal handler race condition) in OpenSSH's server ...
"...discovered a vulnerability (a signal handler race condition) in
OpenSSH's server (sshd): if a client does not authenticate within
LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions)"
"This vulnerability is exploitable remotely on glibc-based Linux systems, ... an unauthenticated remote code execution as root,
because it affects sshd's privileged code, which is not sandboxed and
runs with full privileges."
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt#security #netsec #linux #ssh
Published at
2024-07-01 12:01:47Event JSON
{
"id": "377bb59124731df3304899b4c4a7e4e64d68c6f31f20499d308f1dbf53ec037e",
"pubkey": "c1f508d6095df2f21aad0aa196584a9cb74f804fe8e181daf205ecdc9a74b700",
"created_at": 1719828107,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"netsec"
],
[
"t",
"linux"
],
[
"t",
"ssh"
]
],
"content": "\"...discovered a vulnerability (a signal handler race condition) in\nOpenSSH's server (sshd): if a client does not authenticate within\nLoginGraceTime seconds (120 by default, 600 in old OpenSSH versions)\"\n\n\"This vulnerability is exploitable remotely on glibc-based Linux systems, ... an unauthenticated remote code execution as root,\nbecause it affects sshd's privileged code, which is not sandboxed and\nruns with full privileges.\"\n\nhttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt\n\n#security #netsec #linux #ssh",
"sig": "ce1a5c160f6884ce9d46e75a48afa6b8fbe1a8e0930451e524c270baf6bd196696a1c8d0b0aa3f4c54730f50a1e02278cadb4387636b9a5a2ef499155c1556e0"
}