all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

OpenSSH Server regreSSHion Remote Code Execution

Add to bookmarks
July 1, 2024, 3 p.m. |

Packet Storm packetstormsecurity.com

Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.

async authenticate called client code code execution default functions old openssh qualys race race condition regresshion remote code remote code execution safe server signal sshd syslog vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection 2 days, 11 hours ago | packetstormsecurity.com
gallery injection sql sql injection +6
Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery 2 days, 11 hours ago | packetstormsecurity.com
booking cinema forgery injection +7
Gentoo Linux Security Advisory 202407-17 2 days, 11 hours ago | packetstormsecurity.com
advisory arbitrary code arbitrary code execution busybox +8
Gentoo Linux Security Advisory 202407-16 2 days, 11 hours ago | packetstormsecurity.com
advisory arbitrary code arbitrary code execution buffer +12
Ubuntu Security Notice USN-6879-1 2 days, 11 hours ago | packetstormsecurity.com
attacker crash denial of service issue +8
Ubuntu Security Notice USN-6873-2 2 days, 11 hours ago | packetstormsecurity.com
accelerator access analytics attacker +22
Gentoo Linux Security Advisory 202407-15 2 days, 11 hours ago | packetstormsecurity.com
advisory arbitrary code arbitrary code execution code +7
Gentoo Linux Security Advisory 202407-14 2 days, 11 hours ago | packetstormsecurity.com
advisory code code execution gentoo +7
Ubuntu Security Notice USN-6872-2 2 days, 11 hours ago | packetstormsecurity.com
attacker compromise issues kernel +9

Jobs in InfoSec / Cybersecurity

Find Talent

Principal Architect - LINUX - Active Top Secret Required

@ General Dynamics Information Technology | USA DC Washington - Customer Proprietary (DCC076)
View on infosec-jobs.com

Expert SOAR (CORTEX)

@ Alter Solutions | PARIS, France
View on infosec-jobs.com

Program Management Analyst

@ Peraton | Arlington, VA, United States
View on infosec-jobs.com

Gestion des menaces et des vulnérabilités

@ Alter Solutions | Paris, France
View on infosec-jobs.com

Senior IAM Security Engineer

@ WEX | Brazil - Remote Office
View on infosec-jobs.com

Senior Information Security Engineer

@ Ameriprise Financial Services | 11071 Ameriprise India - Hyderabad
View on infosec-jobs.com