发布于3月6日3月6日 Members Rocky Linux: CVE-2024-6387: openssh: Possible remote code execution due to a race condition in signal handling Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/01/2024 Created 07/23/2024 Added 07/22/2024 Modified 12/11/2024 Description A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Solution(s) rocky-upgrade-openssh rocky-upgrade-openssh-askpass rocky-upgrade-openssh-askpass-debuginfo rocky-upgrade-openssh-clients rocky-upgrade-openssh-clients-debuginfo rocky-upgrade-openssh-debuginfo rocky-upgrade-openssh-debugsource rocky-upgrade-openssh-keycat rocky-upgrade-openssh-keycat-debuginfo rocky-upgrade-openssh-server rocky-upgrade-openssh-server-debuginfo rocky-upgrade-openssh-sk-dummy-debuginfo rocky-upgrade-pam_ssh_agent_auth rocky-upgrade-pam_ssh_agent_auth-debuginfo References https://attackerkb.com/topics/cve-2024-6387 CVE - 2024-6387 https://access.redhat.com/errata/RHSA-2024:4312
