CVE-2008-4109: The Zombie Deadlock — When Logging Kills Your SSH Daemon
Jan 2, 2026·6 min read·2 visits
Executive Summary (TL;DR)
In 2008, multiple Linux distributions patched an OpenSSH vulnerability but accidentally introduced a deadlock condition. By calling `syslog()` inside a `SIGALRM` handler, `sshd` processes could hang indefinitely if interrupted while logging. Attackers could exhaust connection slots (`MaxStartups`), causing a total Denial of Service. This pattern resurfaced in 2024 as CVE-2024-6387, proving that dead code eventually comes back to bite.
A deep dive into a notorious signal handler race condition in OpenSSH that turns security logging into a Denial of Service weapon. This vulnerability highlights the perils of non-async-signal-safe functions and serves as the direct ancestor to the 2024 'regreSSHion' RCE.
Technical Appendix
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CAffected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
openssh-server Debian | < 4.3p2-9etch3 | 4.3p2-9etch3 |
openssh-server Canonical | Ubuntu 8.04 LTS < USN-649-1 | USN-649-1 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-364 (Signal Handler Race Condition) |
| Attack Vector | Network (AV:N) |
| CVSS Score | 7.8 (High) |
| Impact | Denial of Service (DoS) / Deadlock |
| Privileges Required | None (Pre-auth) |
| Exploit Status | Proof of Concept Available |
MITRE ATT&CK Mapping
The software handles a signal in a way that causes the software to enter a state in which it is no longer responsive.
Known Exploits & Detection
Vulnerability Timeline
Subscribe to updates
Get the latest CVE analysis reports delivered to your inbox.