"OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur."
This vulnerability is caused by a feature introduced in OpenSSH version 9.5.
All Photon OS releases have an OpenSSH version lower than 9.5.
The version of OpenSSH on Aria Operations 8.18.x is openssh-9.3p2-10.ph5.x86_64.
CVE-2024-39894 does not impact Photon OS.
This vulnerability is specific to OpenSSH 9.5, and Photon OS uses earlier, unaffected versions, such as OpenSSH 9.3p2-10.ph5.x86_64 in Aria Operations 8.18.x versions.
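
To confirm the same conclusion on a given host, the installed OpenSSH version can be compared with the range in the CVE text quoted above (9.5 through 9.7, fixed in 9.8). The script below is an added example, not vendor-supplied code; the function names are hypothetical and the `ssh -V` sample line is constructed.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version string against the affected
# range quoted in the CVE description (9.5 through 9.7, fixed in 9.8).

# Extract "MAJOR.MINOR" from strings such as:
#   openssh-9.3p2-10.ph5.x86_64     (output of: rpm -q openssh)
#   openssh-server-9.5p1-1.x86_64   (sub-package naming on other distros)
#   OpenSSH_9.6p1, OpenSSL ...      (output of: ssh -V 2>&1)
openssh_major_minor() {
    printf '%s\n' "$1" | sed -n \
        's/^[Oo]pen[Ss][Ss][Hh][-_]\([a-z][a-z]*-\)*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\2.\3/p'
}

# Print "affected", "not-affected" or "unknown" for one version string.
# "unknown" means the string could not be parsed (for example, rpm reported
# that the package is not installed) and must be checked by hand.
cve_2024_39894_status() {
    mm=$(openssh_major_minor "$1")
    [ -n "$mm" ] || { echo unknown; return 0; }
    major=${mm%%.*}
    minor=${mm#*.}
    if [ "$major" -eq 9 ] && [ "$minor" -ge 5 ] && [ "$minor" -le 7 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Demonstration: the first string is the package version stated in this
# article; the second is a constructed ssh -V banner for comparison.
for v in 'openssh-9.3p2-10.ph5.x86_64' \
         'OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024'; do
    printf '%s => %s\n' "$v" "$(cve_2024_39894_status "$v")"
done

# On a live system:
#   cve_2024_39894_status "$(rpm -q openssh)"
#   cve_2024_39894_status "$(ssh -V 2>&1)"
```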