2024年7月1日，Qualys Threat Research Unit披露OpenSSH服务器在glibc-based Linux系统中存在未经验证的远程代码执行漏洞，该漏洞的CVE编号为2024 - 6387，安全影响评级为高。

💥在sshd中发现一个信号处理程序竞争条件，若客户端在LoginGraceTime秒内（默认120秒，旧OpenSSH版本为600秒）未进行身份验证，sshd的SIGALRM处理程序会异步调用。然而，此信号处理程序调用的各种函数并非异步信号安全的，例如syslog()。

📄有关此漏洞的描述可在Qualys安全咨询中查看，该咨询将随着更多信息的可用而更新，相关咨询可通过https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024链接获取。

🚨此漏洞的安全影响评级为高，CVE编号为CVE - 2024 - 6387，需引起高度重视。

On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. 

CVE-2024-6387: A signal handler race condition was found in sshd, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

For a description of this vulnerability, see the Qualys Security Advisory.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

Security Impact Rating: High
CVE: CVE-2024-6387