13 matches found
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2455)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K000140975: OpenSSH vulnerability CVE-2024-6409
Security Advisory Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2159)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-7589
A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's privileged code, which is not sandbox...
CVE-2024-7589
A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's privileged code, which is not sandbox...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2024-2089)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by...
OpenSSH -- Pre-authentication async signal safety issue
The FreeBSD Project reports: A signal handler in sshd8 may call a logging function that is not async- signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's...
CVE-2024-6409
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
[ASA-202407-1] openssh: authentication bypass
Arch Linux Security Advisory ASA-202407-1 ========================================= Severity: High Date : 2024-07-01 CVE-ID : CVE-2024-6387 Package : openssh Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-2855 Summary ======= The package openssh before version...
CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
Updated socat packages fix CVE-2015-1379
Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes...
Debian: Security Advisory (DSA-1638-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...