03 September 2024 IBM i Security Alert: OpenSSH & Signal Manager (03/09/2024)

Hello everyone! New security bulletin published by IBM [CVE-2024-6387].

OpenSSH used by IBM i could allow a remote attacker to execute arbitrary code on the system. This stems from a signal handler race condition that has been incorrectly programmed. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges on glibc-based Linux systems.

The CVSS score for this vulnerability is a basic 8.1, making it of the utmost importance. We therefore strongly advise you to apply PTF SJ01687 (attachment). Note that this vulnerability seems to be present only on V.5 machines.

For more details on the Security Alert, please visit the official IBM support site: https: //lnkd.in/eJTjs35z

Posted in

Latest news

Alert

IBM i Security Alert – Vulnerability on IBM i: HTTP header injection (18/04/2025)

02 May 2025
Read more
Alert

IBM i Security Alert: Ethernet recovery for certain IBM i adapters (12/03/2025)

12 March 2025
Read more
Alert

IBM i Security Alert: Database bypass denial of service (12/02/2025)

25 February 2025
Read more
Alert

IBM i Security Alert: Privilege elevation (02/25/2025)

25 February 2025
Read more
Alert

IBM i Security Alert: Vulnerabilities in the Java SDK (11/02/2025)

11 February 2025
Read more
Alert

IBM i Security Alert: RDi XStream (27/01/2025)

27 January 2025
Read more
Alert

IBM i Security Alert: IBM PowerHA SystemMirror (13/01/2025)

13 January 2025
Read more
Alert

IBM i Security Alert: 2 critical vulnerabilities in Rational Developer for i (RDi)!(10/12/2024)

10 December 2024
Read more