CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
13.8%
A race condition vulnerability was discovered in how signals are handled by
OpenSSH’s server (sshd). If a remote attacker does not authenticate within
a set time period, then sshd’s SIGALRM handler is called asynchronously.
However, this signal handler calls various functions that are not
async-signal-safe, for example, syslog(). As a consequence of a successful
attack, in the worst case scenario, an attacker may be able to perform a
remote code execution (RCE) as an unprivileged user running the sshd
server.
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
sbeattie | Potential issue appears to have only been present in openssh 8.7p1 and 8.8p1, versions not present in currently supported Ubuntu releases. |