CVE-2024-39894

CVE-2024-39894

Name

CVE-2024-39894

Description

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://www.openssh.com/txt/release-9.8
	https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
	https://www.openwall.com/lists/oss-security/2024/07/02/1
mailing-list	http://www.openwall.com/lists/oss-security/2024/07/03/6
	https://security.netapp.com/advisory/ntap-20240712-0004/
mailing-list	http://www.openwall.com/lists/oss-security/2024/07/23/4
mailing-list	http://www.openwall.com/lists/oss-security/2024/07/23/6
mailing-list	http://www.openwall.com/lists/oss-security/2024/07/28/3
cve@mitre.org	https://crzphil.github.io/posts/ssh-obfuscation-bypass/
cve@mitre.org	https://news.ycombinator.com/item?id=41508530
af854a3a-2127-422b-91ae-364da2661108	https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Sep/33

Type

URI

https://www.openssh.com/txt/release-9.8

https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html

https://www.openwall.com/lists/oss-security/2024/07/02/1

mailing-list

http://www.openwall.com/lists/oss-security/2024/07/03/6

https://security.netapp.com/advisory/ntap-20240712-0004/

mailing-list

http://www.openwall.com/lists/oss-security/2024/07/23/4

mailing-list

http://www.openwall.com/lists/oss-security/2024/07/23/6