#regreSSHion #OpenSSH #CVE-2024-6387
Recently, a race condition vulnerability was found in OpenSSH, the widely used implementation of the SSH protocol.
The vulnerability affects versions 8.5p1 to 9.8p1 and is a signal handler race condition. In simple terms, a race condition means that within a certain window of time, several parallel threads try to read a memory area while some process is writing to the same area.
Here, the ordering and timing of the moment of check and the moment of use get confused, and the vulnerability makes it possible to get a few of the 200 requests sent through by mistake.
So, how did the vulnerability occur? It can be exploited on Linux operating systems that use the glibc library, because the syslog function itself calls async-signal-unsafe functions, which use malloc and free to allocate memory. That memory is in the system region, so the access level will be root.
