473,856 Members | 1,403 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

OpenSSH Security Vulnerability: CVE-2024-6387

24 New Member
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

Resources:
  • https://cloud.google.co m/compute/docs/security-bulletins?&_gl= 1*1nzlcun*_ga*N zE0MjU2MzgxLjE3 MTk4NzMwNjQ.*_g a_WH2QY8WWF5*MT cxOTg3MzA2NC4xL jAuMTcxOTg3MzA2 NS41OS4wLjA.&_g a=2.48702560.-714256381.17198 73064#gcp-2024-040
  • https://www.openssh.com/txt/release-9.8
  • https://ubuntu.com/security/CVE-2024-6387
  • https://explore.alas.aw s.amazon.com/CVE-2024-6387.html
  • https://psirt.global.so nicwall.com/vuln-detail/SNWLID-2024-0010
  • https://psirt.global.so nicwall.com/vuln-detail/SNWLID-2024-0010
2 Weeks Ago #1
0 108

Sign in to post your reply or Sign up for a free account.

Similar topics

16
2376
by: Tim Tyler | last post by:
Today's: "Directory Traversal Vulnerability": - http://secunia.com/advisories/10955/ More evidence tht PHP was hacked together rapidly without a great deal of thought being given to security. -- __________ |im |yler http://timtyler.org/ tim@tt1lock.org Remove lock to reply.
116
7629
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'. So now I've developed an app without any thought to security and am trying to apply it afterwards. Doh!, doh! and triple doh!
24
1711
by: Bob Alston | last post by:
Could develop web pages that would interact with the access/jet database - like DAP but without the security flaw??? One of Access' competitors (Filemaker Pro as I recall) touts its EASY way to build web forms using its product. Sounds like they are trying to beat Access in a new venue - the web. Bob Alston bobalston9 AT yahoo DOT com
1
2229
by: Norman Diamond | last post by:
Page http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_crt_sscanf.2c_.swscanf.asp says: > Security Note When reading a string with sscanf, always specify a width > for the %s format (for example, "32%s" instead of "%s"); otherwise, > improperly formatted input can easily cause a buffer overrun. If a programmer obeys MSDN and specifies a format like "32%s" then improperly formatted input can easily cause a...
0
1112
by: Patrick.O.Ige | last post by:
This what i got from microsoft! GDluck Dear ASP.NET Customer, This alert is to advise you of the availability of a web page that discusses an investigation Microsoft is currently conducting into public reports of a security vulnerability in ASP.NET. A malicious user could provide a specially-formed URL that could result in the unintended serving of secured content.
1
1270
by: Steve C. Orr [MVP, MCSD] | last post by:
There's a newly discovered vulnerability in ASP.NET that you all need to know about. The easiest solution (which I recommend) is to install VPModule.msi from the following link, but Microsoft has given some other solutions as well. Here's more info: http://www.microsoft.com/security/incident/aspnet.mspx http://support.microsoft.com/?kbid=887289
0
794
by: Ken Cox [Microsoft MVP] | last post by:
Hi gang, There have been some updates to the security issue affect ASP.NET sites. Make sure your Web server admins check the page again - Windows Server 2003 is now listed. There's now a tool to help protect your sites. http://www.microsoft.com/security/incident/aspnet.mspx
5
3233
by: Norm | last post by:
Does anyone have any suggestions for securing against this vulnerability: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1027 Fixes are not yet available from IBM. They will be in FP2 for V9 and FP15 for V8. Would changing the permissions on the db2dump directory so that only instance owner has access be enough?
0
9766
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10702
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9536
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7099
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5763
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5963
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4584
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4177
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3203
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.