themrhagan (0)

@ccondon-r7 yea, its a very low likelihood of it triggering but it is still theoretically possible so I wanted to call it out. Again though, very low likelihood with the compounded effects of the race condition triggering with ASLR.

Hey, quick follow up as well – I think CVE-2024-6387 does affect 64-bit systems. The vulnerability, which is a signal handler race condition in OpenSSH, impacts both 32-bit and 64-bit architectures on glibc-based Linux distributions. While the proof-of-concept exploit was initially developed for 32-bit (x86) systems, it has been indicated that 64-bit (amd64) systems are theoretically vulnerable as well. Exploiting CVE-2024-6387 on 64-bit systems is less likely due to robust Address Space Layout Randomization (ASLR) and the increased complexity of memory allocation, which make precise timing and memory manipulation more challenging.