CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

Affected Software

Name	Vendor	Start Version	End Version
Openssh	Ubuntu	devel	*
Openssh	Ubuntu	noble	*
Openssh	Ubuntu	upstream	*
Openssh-ssh1	Ubuntu	upstream	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/27.html
https://cwe.mitre.org/data/definitions/29.html

References

http://www.openwall.com/lists/oss-security/2024/07/03/6
http://www.openwall.com/lists/oss-security/2024/07/23/4
http://www.openwall.com/lists/oss-security/2024/07/23/6
http://www.openwall.com/lists/oss-security/2024/07/28/3
https://crzphil.github.io/posts/ssh-obfuscation-bypass/
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
https://news.ycombinator.com/item?id=41508530
https://security.netapp.com/advisory/ntap-20240712-0004/
https://www.openssh.com/txt/release-9.8
https://www.openwall.com/lists/oss-security/2024/07/02/1

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-39894
CWE	https://cwe.mitre.org/data/definitions/367.html

Time-of-check Time-of-use (TOCTOU) Race Condition

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References