CVE-2024-6409

Summary

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 90:8.7p1-38.el9_4.4 < *unaffected
Red HatRed Hat Enterprise Linux 90:8.7p1-38.el9_4.4 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:8.7p1-12.el9_0.3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:8.7p1-30.el9_2.7 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13413.92.202408122222-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14414.92.202407300859-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202407301159-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16416.94.202407171205-0 < *unaffected

Weaknesses

  • CWE-364: Signal Handler Race Condition

Workarounds

The process is identical to CVE-2024-6387, by disabling LoginGraceTime. See that CVE page for additional details.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References