
Signal Handler Race Condition

CVE-2024-6387

Severity High
Score 8.1/10

Summary

OpenSSH server (sshd) versions prior to 4.4p1, and 8.5p1 through 9.7p1, are vulnerable to arbitrary code execution through a signal handler race condition. If a client does not authenticate within "LoginGraceTime" seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). Successful exploitation results in code execution with root privileges due to a race condition in signal handling.

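  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality: HIGH
  • Integrity: HIGH
  • Availability: HIGH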

CWE-364 - Signal Handler Race Condition

The software uses a signal handler that introduces a race condition.
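
The pattern the summary describes, next to a hardened form, as an added example that is not OpenSSH's code: the safe SIGALRM handler only sets a flag, and logging moves to the normal control flow. All function and variable names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Added example; names are hypothetical. sig_atomic_t is the only
 * kind of shared state a handler may safely write. */
static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE (CWE-364), shown for contrast and never installed: syslog()
 * is not async-signal-safe. If SIGALRM interrupts the main flow while
 * it is inside such a function, shared state can be left inconsistent. */
void unsafe_alarm_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "timeout before authentication");
    _exit(1);
}

/* SAFE: record the event and return immediately. */
static void safe_alarm_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Install the safe handler and arm the timer. Returns 0 on success. */
int arm_grace_timer(unsigned int seconds)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    grace_expired = 0;
    alarm(seconds);
    return 0;
}

/* Called from the normal control flow, so logging runs outside signal
 * context. Returns 1 once the grace period has ended. */
int check_grace_timer(void)
{
    if (!grace_expired)
        return 0;
    syslog(LOG_INFO, "timeout before authentication");
    return 1;
}
```

The main loop calls `check_grace_timer()` after each blocking call returns, including returns caused by `EINTR`, and closes the connection when it reports 1.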

Advisory Timeline

  • Published