CVE-2020-27786 ( Race Condition + Use-After-Free )
CC: @ii4gsp
I feel like the US – in terms technical folk would understand – is in a #raceCondition.
It's a question of whether the pain caused by a collapsing health/social system and the explosion of consumer prices due to irrational tariffs will cause a dethroning uprising before the authoritarianism goes into full martial-law mode.
CVE-2020-27786 ( Race Condition + Use-After-Free ):
https://ii4gsp.github.io/cve-2020-27786/
#cve #uaf #cybersecurity #exploitation #infosec #exploit #racecondition #vulnerability
RHEL 9 OpenSSH packages affected by remote code execution flaw
https://stackdiary.com/rhel-9-openssh-packages-affected-by-remote-code-execution-flaw/
#OpenSSH #Vulnerability #RHEL9 #Security #CyberSecurity #CVE20246409 #RemoteCodeExecution #Linux #Fedora #RaceCondition #SIGALRM #Exploit #PatchManagement #Mitigation #Infosec #Threat #Hackers #Bug #Malware #Glitch #Audit #Syslog #Update #Enterprise #LinuxSecurity #NetworkSecurity #ServerSecurity #CyberThreat #SystemAdmin #TechNews #CVE #Mitre #NIST #OpenSource #DevOps #regreSSHion
Found a #racecondition in a productivity tool for teams that limits the number of members a team can have depending on the paid plan. I managed to bypass that limit and have many more users (than the imposed limit) join the same team. 🎉
RegreSSHion strikes again: CVE-2024-6387
Last night a PoC was released which exploits a race condition in OpenSSH. Vulnerable versions are listed as from 8.5p1 to 9.7p1!
PoC code:
https://github.com/acrono/cve-2024-6387-poc
More on the topic: this exploit relies on an 18-year-old issue: CVE-2006-5051
This vulnerability is believed to impact nearly 12-14 million OpenSSH instances.
Important notice: to get root on the target machine, this exploit code needs a continuous connection for something like 8 hours to achieve the race condition. So don't expect a shell in minutes!
#exploit #exploitation #openssh #racecondition #vulnerability #ssh
The current #OpenSSH #racecondition #vulnerability PoC exploit depends on bruteforcing the Address Space Layout Randomization (ASLR) to guess addresses used by the sshd. Thus #exploitation currently appears feasible only if the ASLR entropy is low enough (platforms with 32-bit addressing or systems where ASLR is for some reason completely disabled). Of course this is something you should not rely on and patching is highly recommended as soon as possible.
If for some reason you need to mitigate the vulnerability on systems that don't have security updates, or where the updates are delayed, you can apply the mitigations from the excellent post by Damien Miller on the oss-security mailing list: https://www.openwall.com/lists/oss-security/2024/07/01/2
regreSSHion: Remote Code Execution in OpenSSH Server (CVE-2024-6387)
Date: July 1, 2024
CVE: CVE-2024-6387
Vulnerability Type: Race Condition
CWE: CWE-362, CWE-665
Sources: Qualys
Synopsis
A critical remote code execution (RCE) vulnerability has been identified in OpenSSH's server on glibc-based Linux systems, allowing unauthenticated attackers to execute arbitrary code as root.
Issue Summary
The vulnerability, identified as CVE-2024-6387, is a regression of a previously patched issue (CVE-2006-5051) and affects OpenSSH versions from 8.5p1 to 9.8p1. It arises from a signal handler race condition in the sshd server, leading to unsafe function calls within asynchronous signal handlers.
Technical Key Findings
The flaw involves sshd's SIGALRM handler, which calls non-async-signal-safe functions like syslog(), potentially leading to heap corruption and enabling remote code execution. The exploit requires precise timing to interrupt specific code paths, leaving the system in an inconsistent state that can be exploited.
Vulnerable Products
Impact Assessment
Exploitation of this vulnerability allows an attacker to execute arbitrary code as root on affected systems, potentially leading to complete system compromise.
Patches or Workaround
A fix has been implemented in OpenSSH by moving the async-signal-unsafe code to a synchronous context. Users are advised to update to the latest version or set LoginGraceTime to 0 as a temporary mitigation.
Tags
#OpenSSH #CVE-2024-6387 #RCE #RaceCondition #Linux #glibc #SecurityVulnerability #Exploit #Patch
Hi, I'd agree with you on most of that: I had been using my old #nokiaN900 until I needed Google authenticator for my new job: I paid for that, not my employee.
And if #byod was for #corporateSavings like the one just mentioned, let's see how much more they'll spend on #securityIncidents.
But regarding that passage saying "if you can be interrupted and distracted", to me that aspect should be generalized.
I mean: having to #swap between #urgent tasks and yet ever #moreUrgent ones leads to a #raceCondition, which could result in a #kernelPanic.
How would you deal with that?
Regards,
c937
Every day you find and solve a #racecondition is a good day.
The cause was an exception thrown in code that ran after the tests. That is the reason for the wrong count: the tests ran correctly, but an error occurred afterwards.
The reason for that was a #RaceCondition, which in turn was caused by a missing #await keyword.
In short: it now runs without problems. Finding the cause took about 90 minutes of effort.
The Other Kind Of Static Hazard to Your Logic Circuits https://hackaday.com/2023/11/24/the-other-kind-of-static-hazard-to-your-logic-circuits/ #racecondition #Truthtable #MiscHacks #implicant #boolean #k-table #STATIC #logic #gate #and #NOT #ttl #OR
This is exactly what #GNOME #Calendar felt like to me. Great if they are getting closer to fix it. #heisenbug #raceCondition
Using the readlink function to avoid symbolic link race conditions when opening a file path
https://security.stackexchange.com/questions/268016/using-the-readlink-function-to-avoid-symbolic-link-race-conditions-when-opening
#racecondition #linux #c
#Teammates past and present confirmed the solution to my #rbac #racecondition woes. Got it implemented, got the #operator installed in the #kubernetes cluster, and got that first line-of-business #workload deployed via its pipeline, without any modifications from developers.
Tomorrow we try to get the other 80+ workloads deployed into that cluster. Automator gonna #automate.
But for now, there is #soup. Tasty, comforting soup on a chilly day.
You know something is #hinky when the #operator you installed in the #kubernetes cluster to make #rbac easier is in a #racecondition against fairly ordinary #kustomize stacks that manage service accounts in namespaces where business workloads will actually run. Because arbitrarily changing service account tokens is exactly what I want to #debug on my first day back from a long break. 🙃 It’s important work for the cluster, but it doesn’t feel like progress.
Cryptocurrency startup fails to subtract before adding, loses $31m - Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take... https://nakedsecurity.sophos.com/2021/12/06/cryptocurrency-startup-fails-to-subtract-before-adding-loses-31m/ #cryptocurrency #racecondition #cryptocoin