```
[md]# ***本人小白菜,又小白又菜。此处写出的内容仅作为抛砖引玉,望各位大佬补充。***
-----------------------
# 说明部分 [(来源 我家的通知频道)](https://t.me/HomuraNetwork/65)
## 简介
在 OpenSSH 中发现了一个远程代码执行(RCE)漏洞,原因是异步调用 sshd 的 SIGALRM 处理程序的代码不是异步信号安全的。这个漏洞存在于 OpenSSH < 4.4p1 或 8.5p1 We discovered a vulnerability (a signal handler race condition) in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe (for example, syslog()). This race condition affects sshd in its default configuration.
>
> ·----------------------------·
> ·-- (Translated by OpenAI) --·
> ·----------------------------·
> 我们在OpenSSH的服务器(sshd)中发现了一个漏洞(信号处理器竞态条件):如果客户端在LoginGraceTime秒内(默认为120,旧版OpenSSH为60
...查看全文