Security

633 readers

2 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

All instance-wide rules apply.
Keep it totally legal.
Remember the human, be civil.
Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago

MODERATORS

[email protected]

CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (seclists.org)

submitted 4 months ago by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] -1 points 4 months ago (6 children)

what does that mean? I don't understand multiple signs in the same sentence and what is the significance of having "OpenSSH" in the middle?

[–] [email protected] 3 points 4 months ago (5 children)

You can read them as separate statements with the middle repeated and a logical AND between them:

If (8.5p1 <= your OpenSSH version) AND (your OpenSSH version < 9.8p1) Then you are vulnerable

It’s the same as saying if your OpenSSH version is between these two versions (including 8.5p1, but not 9.8p1), then you are vulnerable

[–] [email protected] -1 points 4 months ago (4 children)

I don't get it... wouldn't everything < 9.8p1 already include <= 8.5p1? So why is it even necessary to mention?

[–] [email protected] 4 points 4 months ago

Because this is a regression and this particular issue was introduced in 8.5p1. So it only affects versions newer than that, up until when it was fixed in 9.8p1.

load more comments (3 replies)