
CVE-2024-6409: OpenSSH: Possible remote code execution in privsep child


Date: Mon, 8 Jul 2024 18:21:06 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Qualys Security Advisory <qsa@...lys.com>
Subject: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems

Hi,

Today is the coordinated release date to publicly disclose a related issue I found during review of Qualys' findings, with further analysis by Qualys. My summary is:

CVE-2024-6409: OpenSSH: Possible remote code execution in privsep child due to a race condition in signal handling

OpenSSH versions 8.7 and 8.8 and the corresponding portable releases call cleanup_exit() from grace_alarm_handler() when running in the privsep child process.



Related news:


Over 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to do


Over 14 Million Servers May Be Vulnerable To OpenSSH's 'RegreSSHion' RCE Flaw


Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk