Signal Handler Race Condition
CVE-2024-6387
Summary
OpenSSH server (sshd) versions prior to 4.4p1, and 8.5p1 through 9.7p1, are vulnerable to arbitrary code execution through a signal handler race condition: if a client does not authenticate within "LoginGraceTime" seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, "syslog()". root privileges due to a race condition in signal handling.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-364 - Signal Handler Race Condition
The software uses a signal handler that introduces a race condition.
Advisory Timeline
- Published