[Midnightbsd-cvs] [MidnightBSD/src] 00adcc: A signal handler in sshd(8) calls a function that ...
Lucas Holt
noreply at github.com
Mon Jul 1 09:51:23 EDT 2024
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 00adcc7a9437e86efa55284037c3f17a98837579
https://github.com/MidnightBSD/src/commit/00adcc7a9437e86efa55284037c3f17a98837579
Author: Lucas Holt <luke at foolishgames.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
M crypto/openssh/log.c
M crypto/openssh/version.h
Log Message:
-----------
A signal handler in sshd(8) calls a function that is not async-signal-safe.
The signal handler is invoked when a client does not authenticate within the
LoginGraceTime seconds (120 by default). This signal handler executes in the
context of sshd(8)'s privileged code, which is not sandboxed and runs
with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd
and accidentally reintroduced in OpenSSH 8.5p1.
Obtained from: OpenSSH/FreeBSD