oss-sec mailing list archives
Re: Announce: OpenSSH 9.8 released
From: Christian Fischer <christian.fischer () greenbone net>
Date: Wed, 3 Jul 2024 13:20:22 +0200
Hi,

On 02.07.24 1:47 AM, Dominique Martinet wrote:
> 2) Logic error in ssh(1) ObscureKeystrokeTiming
> I couldn't find anything on this one.

it seems CVE-2024-39894 got assigned to this now:

> OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
>
> https://www.cve.org/CVERecord?id=CVE-2024-39894

Regards,

--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone AG, Neumarkt 12, 49074 Osnabrück, Germany
https://www.greenbone.net/
Company registry: Amtsgericht Osnabrück, HRB 218768
Board of directors: Dr. Jan-Oliver Wagner (CEO), Elmar Geese
Chairman of the Supervisory Board: Lukas Grunwald

Current thread:
- Announce: OpenSSH 9.8 released Damien Miller (Jul 01)
- Re: Announce: OpenSSH 9.8 released Dominique Martinet (Jul 02)
- Re: Announce: OpenSSH 9.8 released Christian Fischer (Jul 03)
- Re: Announce: OpenSSH 9.8 released Solar Designer (Jul 28)
- Re: Announce: OpenSSH 9.8 released Dominique Martinet (Jul 02)
