CVE-2024-6387 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Authentication bypass
Description	A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2855	openssh	9.7p1-2	9.8p1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
01 Jul 2024	ASA-202407-1	AVG-2855	openssh	High	authentication bypass

References
https://www.openwall.com/lists/oss-security/2024/07/01/3 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29

References

https://www.openwall.com/lists/oss-security/2024/07/01/3
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29