CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/27.html
• https://cwe.mitre.org/data/definitions/29.html

References

• http://www.openwall.com/lists/oss-security/2024/07/03/6
• http://www.openwall.com/lists/oss-security/2024/07/23/4
• http://www.openwall.com/lists/oss-security/2024/07/23/6
• http://www.openwall.com/lists/oss-security/2024/07/28/3
• https://crzphil.github.io/posts/ssh-obfuscation-bypass/
• https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
• https://news.ycombinator.com/item?id=41508530
• https://security.netapp.com/advisory/ntap-20240712-0004/
• https://www.openssh.com/txt/release-9.8
• https://www.openwall.com/lists/oss-security/2024/07/02/1
• http://www.openwall.com/lists/oss-security/2024/07/03/6
• http://www.openwall.com/lists/oss-security/2024/07/23/4
• http://www.openwall.com/lists/oss-security/2024/07/23/6
• http://www.openwall.com/lists/oss-security/2024/07/28/3
• https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
• https://security.netapp.com/advisory/ntap-20240712-0004/
• https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc
• https://www.openssh.com/txt/release-9.8
• https://www.openwall.com/lists/oss-security/2024/07/02/1