"...discovered a vulnerability (a signal handler race condition) in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions)"
"This vulnerability is exploitable remotely on glibc-based Linux systems, ... an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges."
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
#security #netsec #linux #ssh