Описание
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-39894
- https://crzphil.github.io/posts/ssh-obfuscation-bypass
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
- https://news.ycombinator.com/item?id=41508530
- https://security.netapp.com/advisory/ntap-20240712-0004
- https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc
- https://www.openssh.com/txt/release-9.8
- https://www.openwall.com/lists/oss-security/2024/07/02/1
- http://www.openwall.com/lists/oss-security/2024/07/03/6
- http://www.openwall.com/lists/oss-security/2024/07/23/4
- http://www.openwall.com/lists/oss-security/2024/07/23/6
- http://www.openwall.com/lists/oss-security/2024/07/28/3
Связанные уязвимости
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks aga ...