发布时间: 2024年7月2日
修改时间: 2024年10月31日
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 8.1 | 8.1 |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-2958 | openssh security update | 2024年7月2日 |
| KylinSec-SA-2024-4794 | openssh security update | 2025年2月17日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.5.2 | openssh | Fixed |
| V6 | openssh | Fixed |
| KY3.5.3 | openssh | Fixed |
