
Synology Security Advisory-24:08 regreSSHion

None of Synology’s products are affected by CVE-2024-6387, as this vulnerability only affects OpenSSH versions before 4.4p1 and after 8.5p1.

Synology, Inc. has published a security advisory concerning OpenSSH.

Publish Time: 2024-07-02 14:25:22 UTC+8
Last Updated: 2024-07-02 14:25:22 UTC+8
Severity: Not affected
Status: Resolved

Abstract
None of Synology’s products are affected by CVE-2024-6387, as this vulnerability only affects OpenSSH versions before 4.4p1 and after 8.5p1.

Affected products

| Product | Severity | Fixed release availability |
|---|---|---|
| DSM 7.2 | Not affected | N/A |
| DSM 7.1 | Not affected | N/A |
| DSM 6.2 | Not affected | N/A |
| DSMUC 3.1 | Not affected | N/A |
| SRM 1.3 | Not affected | N/A |
| BC500 | Not affected | N/A |
| TC500 | Not affected | N/A |
| VS600HD | Not affected | N/A |

Mitigation: None

Detail

  • CVE-2024-6387
    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
    • A signal handler race condition was found in OpenSSH’s server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

Reference: CVE-2024-6387

Revision

| Revision | Date | Description |
|---|---|---|
| 1 | 2024-07-02 | Initial public release. |

 
