Cybersecurity

5618 readers

250 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

[email protected]

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387) (www.qualys.com)

submitted 4 months ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

The following summary from Debian's security list:

The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 4 months ago (1 children)

That looks horrible.

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (1 children)

indeed, but your SSH ports should not be hanging out in the wind for any old IP to hit.

[–] [email protected] 3 points 4 months ago

openssh is typically quite robust, this is a rare exception

[–] [email protected] 2 points 4 months ago (1 children)

On June 6, 2024, this signal handler race condition was fixed by commit 81c1099 ("Add a facility to sshd(8) to penalise particular problematic client behaviours"), which moved the async-signal-unsafe code from sshd's SIGALRM handler to sshd's listener process, where it can be handled synchronously:

https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29

Because this fix is part of a large commit (81c1099), on top of an even larger defense-in-depth commit (03e3de4, "Start the process of splitting sshd into separate binaries"), it might prove difficult to backport.

Oh shit, now squash on merge folks can claim "defense-in-depth".

Always makes me think of this comic by geek and poke

Anti Commercial-AI license

[–] [email protected] 2 points 4 months ago

It says 4.4 to 8.4 versions are not vulnerable. A lot of old distro releases are on these versions, Debian 10, 11, Ubuntu 20.04 LTS is not affected https://pkgs.org/download/openssh-server