Summary
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
Products Potentially Affected
|
OS/Product
|
Exposure
|
|
ExtremeCloud IQ Controller (IQC/XCC)
|
Yes
|
Repair Recommendations
- Fixed in 10.12.1 or later.
Please see the full Security Advisory article here for more details and future updates.
