CVE-2024-6409

July 8, 2024, 6:15 p.m.

7.0
Medium

Description

A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server.

Product(s) Impacted

Product Versions
OpenSSH
  • Unknown

Weaknesses

CWE-364
Signal Handler Race Condition
The product uses a signal handler that introduces a race condition.

References

http://www.openwall.com/lists/oss-security/2024/07/08/2
https://access.redhat.com/security/cve/CVE-2024-6409
https://bugzilla.redhat.com/show_bug.cgi?id=2295085

Tags

secalert@redhat.com
CWE-364
2024-07-08
CVE-2024-6409

CVSS Score

7.0 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Date

  • Published: July 8, 2024, 6:15 p.m.
  • Last Modified: July 8, 2024, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.