OpenSSH Race condition resulting in potential remote code execution
OpenSSH 9.8, released on July 1, 2024, addresses critical security issues: a vulnerability in sshd(8) and an ObscureKeystrokeTiming bug in ssh(1). It also announces the planned deprecation of DSA support and introduces penalties for failed authentications. Various other improvements are included.
OpenSSH 9.8 was released on July 1, 2024, with critical security fixes for a vulnerability in sshd(8) and for ssh(1)'s ObscureKeystrokeTiming. The sshd(8) vulnerability could allow arbitrary code execution with root privileges on certain systems. The ssh(1) bug could reveal real keystrokes to passive observers. OpenSSH plans to deprecate DSA support in early 2025 due to its inherent weaknesses. The release introduces penalties for client addresses that fail authentication in sshd(8) and disables DSA by default at compile time. Various bug fixes and improvements have been made, including changes to log messages, stricter validation in ssh-keysign(8), and enhancements to sftp-server(8). The release also includes portability improvements and clarifications in documentation. Users are encouraged to update to OpenSSH 9.8 to benefit from these security enhancements and bug fixes.
Related
SSH as a Sudo Replacement
The article proposes using SSH instead of sudo, addressing the limitations of setuid binaries for privilege escalation. It details configuring s6-sudod to allow authorized users root access securely, emphasizing OpenSSH's security features.
Arbitrary shell command evaluation in Org Mode (GNU Emacs)
A vulnerability in Emacs Org mode allowed arbitrary shell command execution. A fix in Emacs 29.4 and Org 9.7.5 prevents unsafe code evaluation in link abbreviations, advising users to apply the patch.
XZ backdoor: Hook analysis
Kaspersky experts analyzed the XZ backdoor in OpenSSH 9.7p1, revealing hidden connections, SSH authentication bypass, and remote code execution capabilities. The backdoor manipulates RSA keys, uses steganography, and executes commands.
MOVEit Transfer: Auth bypass and a look at exposure
Progress Software disclosed two critical authentication bypass CVEs affecting MOVEit Transfer and Gateway products on June 25, 2024. CVE-2024-5806 was upgraded from High to Critical. Censys reported 2,700 instances concentrated in the US, emphasizing ongoing vigilance.
OpenSSL CVE-2024-5535: `SSL_select_next_proto` buffer overread
A bug, CVE-2024-5535, in OpenSSL since 2011 allows heap data leakage. Impacts Python <= 3.9, Node.js <= 9. NPN support removal in newer versions reduces risk. Bug affects SSL_select_next_proto in OpenSSL, BoringSSL, LibreSSL. Memory safety risks demand caution and updates.
FYI that's every version published after 2021-03-03
That's got to be 99% of all Linux machines in the world with an ssh daemon running, right?
So SIGALRM because of the timer firing?
Out of curiosity... any Rust sshd implementations? I found libraries, but no plug-and-play replacement for OpenSSH?
As someone who doesn't know this kind of stuff well, will this cause OpenBSD to have to update the statement above?
EDIT:
TFA says:
> OpenBSD is not vulnerable.