We discovered a vulnerability (a signal handler race condition) in
OpenSSH's server (sshd): if a client does not authenticate within
LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions),
then sshd's SIGALRM handler is called asynchronously, but this signal
handler calls various functions that are not async-signal-safe (for
example, syslog()). This race condition affects sshd in its default
configuration.
So SIGALRM because of the timer firing?
Out of curiosity... any rust sshd implementations? I found libraries, but no plug&play replacement for openssh?
So SIGALRM because of the timer firing?
Out of curiosity... any rust sshd implementations? I found libraries, but no plug&play replacement for openssh?