CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2008-4109
7.80.34%

CVE-2008-4109: The Zombie Deadlock — When Logging Kills Your SSH Daemon

Amit Schendel
Amit Schendel
Senior Security Researcher

Jan 2, 2026·6 min read·4 visits

PoC Available

Executive Summary (TL;DR)

In 2008, multiple Linux distributions patched an OpenSSH vulnerability but accidentally introduced a deadlock condition. By calling `syslog()` inside a `SIGALRM` handler, `sshd` processes could hang indefinitely if interrupted while logging. Attackers could exhaust connection slots (`MaxStartups`), causing a total Denial of Service. This pattern resurfaced in 2024 as CVE-2024-6387, proving that dead code eventually comes back to bite.

A deep dive into a notorious signal handler race condition in OpenSSH that turns security logging into a Denial of Service weapon. This vulnerability highlights the perils of non-async-signal-safe functions and serves as the direct ancestor to the 2024 'regreSSHion' RCE.

Official Patches

UbuntuUbuntu Security Notice USN-649-1
DebianDebian Security Tracker

Technical Appendix

CVSS Score
7.8/ 10
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS Probability
0.34%
Top 99% most exploited

Affected Systems

Debian Etch (4.0)Debian Sid/LennyUbuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSSUSE Linux Enterprise

Affected Versions Detail

Product
Affected Versions
Fixed Version
openssh-server
Debian
< 4.3p2-9etch34.3p2-9etch3
openssh-server
Canonical
Ubuntu 8.04 LTS < USN-649-1USN-649-1
AttributeDetail
CWE IDCWE-364 (Signal Handler Race Condition)
Attack VectorNetwork (AV:N)
CVSS Score7.8 (High)
ImpactDenial of Service (DoS) / Deadlock
Privileges RequiredNone (Pre-auth)
Exploit StatusProof of Concept Available

MITRE ATT&CK Mapping

T1498Network Denial of Service
Impact
T1499Endpoint Denial of Service
Impact
CWE-364
Signal Handler Race Condition

The software handles a signal in a way that causes the software to enter a state in which it is no longer responsive.

Known Exploits & Detection

ExploitDBOpenSSH (Debian/Ubuntu) - Denial of Service Exploit

Vulnerability Timeline

CVE-2006-5051 discovered (Original Signal Race)
2006-09-28
Distributions patch 2006-5051 but introduce deadlock (CVE-2008-4109)
2008-09-00
Public disclosure and fixes for CVE-2008-4109
2008-09-28
Qualys discloses regreSSHion (CVE-2024-6387), linking back to 2008-4109
2024-07-01

References & Sources

  • [1]Qualys Security Advisory: regreSSHion (Discusses history of 2008-4109)
  • [2]NVD - CVE-2008-4109
Related Vulnerabilities
CVE-2006-5051CVE-2024-6387

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.