473,856 Members | 1,403 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

OpenSSH Security Vulnerability: CVE-2024-6387

24 New Member
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

  • https://cloud.google.co m/compute/docs/security-bulletins?&_gl= 1*1nzlcun*_ga*N zE0MjU2MzgxLjE3 MTk4NzMwNjQ.*_g a_WH2QY8WWF5*MT cxOTg3MzA2NC4xL jAuMTcxOTg3MzA2 NS41OS4wLjA.&_g a=2.48702560.-714256381.17198 73064#gcp-2024-040
  • https://www.openssh.com/txt/release-9.8
  • https://ubuntu.com/security/CVE-2024-6387
  • https://explore.alas.aw s.amazon.com/CVE-2024-6387.html
  • https://psirt.global.so nicwall.com/vuln-detail/SNWLID-2024-0010
  • https://psirt.global.so nicwall.com/vuln-detail/SNWLID-2024-0010
2 Weeks Ago #1
0 108

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Tim Tyler | last post by:
Today's: "Directory Traversal Vulnerability": - http://secunia.com/advisories/10955/ More evidence tht PHP was hacked together rapidly without a great deal of thought being given to security. -- __________ |im |yler http://timtyler.org/ tim@tt1lock.org Remove lock to reply.
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'. So now I've developed an app without any thought to security and am trying to apply it afterwards. Doh!, doh! and triple doh!
by: Bob Alston | last post by:
Could develop web pages that would interact with the access/jet database - like DAP but without the security flaw??? One of Access' competitors (Filemaker Pro as I recall) touts its EASY way to build web forms using its product. Sounds like they are trying to beat Access in a new venue - the web. Bob Alston bobalston9 AT yahoo DOT com
by: Norman Diamond | last post by:
Page http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_crt_sscanf.2c_.swscanf.asp says: > Security Note When reading a string with sscanf, always specify a width > for the %s format (for example, "32%s" instead of "%s"); otherwise, > improperly formatted input can easily cause a buffer overrun. If a programmer obeys MSDN and specifies a format like "32%s" then improperly formatted input can easily cause a...
by: Patrick.O.Ige | last post by:
This what i got from microsoft! GDluck Dear ASP.NET Customer, This alert is to advise you of the availability of a web page that discusses an investigation Microsoft is currently conducting into public reports of a security vulnerability in ASP.NET. A malicious user could provide a specially-formed URL that could result in the unintended serving of secured content.
by: Steve C. Orr [MVP, MCSD] | last post by:
There's a newly discovered vulnerability in ASP.NET that you all need to know about. The easiest solution (which I recommend) is to install VPModule.msi from the following link, but Microsoft has given some other solutions as well. Here's more info: http://www.microsoft.com/security/incident/aspnet.mspx http://support.microsoft.com/?kbid=887289
by: Ken Cox [Microsoft MVP] | last post by:
Hi gang, There have been some updates to the security issue affect ASP.NET sites. Make sure your Web server admins check the page again - Windows Server 2003 is now listed. There's now a tool to help protect your sites. http://www.microsoft.com/security/incident/aspnet.mspx
by: Norm | last post by:
Does anyone have any suggestions for securing against this vulnerability: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1027 Fixes are not yet available from IBM. They will be in FP2 for V9 and FP15 for V8. Would changing the permissions on the db2dump directory so that only instance owner has access be enough?
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.