Re: [PLUG] recent vulnerability in OpenSSH

Alan D. Salewski via plug on 1 Jul 2024 13:20:34 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] recent vulnerability in OpenSSH

From: "Alan D. Salewski via plug" <plug@lists.phillylinux.org>
To: PLUG Mailing List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] recent vulnerability in OpenSSH
Date: Mon, 1 Jul 2024 16:25:46 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=date:from :to:subject:message-id:reply-to:references:mime-version :content-type:in-reply-to; s=sasl; bh=5GgtEpV7zuB7eE8d12Ewo8d43Q 9DLI4VIz/aXfztVdQ=; b=TC7rZBS2IpwjHqZO9VYOIIZ+V3lL8dIZU5RN8nECLm /0aO5pxcOvCW/kNU9wHs9542er2RjKCRu9Rm9inkV1hTWZOKGsLHq2jjSsU2pkhX 3Q55aqvkSqmDkPdbur10PH4W1MFLGHhHZKJKb8S63ALAD1fag007VZxnNOuOYrkF g=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=salewski.email; h=date:from:to:subject:message-id:reply-to:references:mime-version:content-type:in-reply-to; s=2020-09.pbsmtp; bh=5GgtEpV7zuB7eE8d12Ewo8d43Q9DLI4VIz/aXfztVdQ=; b=n8/xpi6ZyLwW2EpSzJybato1yPLDY0b6V+ZH2YcEWk9wOXbN4p8E5OHMLu/gUe7jZ5koxMTZ+1OlvMFp3ifwVP8qVgGyad/Xvnbc7mUFgbp4Z3gdjmuf8rkd+9J0SeEbzVuQBGP3nOQIK4dmYu+B2hwZycr7nARUQ/7qSJMfLfM=
Mail-followup-to: PLUG Mailing List <plug@lists.phillylinux.org>
Reply-to: "Alan D. Salewski" <salewski@att.net>, "Alan D. Salewski" <ads@salewski.email>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mutt/2.0.5 (2021-01-21)

On 2024-07-01 16:21:40, "Alan D. Salewski via plug" <plug@lists.phillylinux.org> spake thus:
[...]

This note from Damien Miller on the 'oss-security' list has a workaround plus
patches:

    https://www.openwall.com/lists/oss-security/2024/07/01/2


I hit send too quickly; I meant to include djm's blurb about the workaround:
<quote>
    Regarding the race condition fixed in OpenSSH 9.8. A mitigation to
    prevent exploitation of this bug is to disable the login grace timer
    by setting LoginGraceTime=0 in sshd_config. This will however make
    it much easier for an attacker to deny service to sshd.
</quote>

--
a l a n   d.   s a l e w s k i
ads@salewski.email
salewski@att.net
https://github.com/salewski
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] recent vulnerability in OpenSSH
  - From: Martin Cracauer via plug <plug@lists.phillylinux.org>

References:
- [PLUG] recent vulnerability in OpenSSH
  - From: Michael Lazin via plug <plug@lists.phillylinux.org>
- Re: [PLUG] recent vulnerability in OpenSSH
  - From: "Alan D. Salewski via plug" <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] recent vulnerability in OpenSSH
Next by Date: Re: [PLUG] recent vulnerability in OpenSSH
Previous by thread: Re: [PLUG] recent vulnerability in OpenSSH
Next by thread: Re: [PLUG] recent vulnerability in OpenSSH
Index(es):
- Date
- Thread