CVE-2024-6409 Race condition

Routine
Remediate Within 6 Months

CVE Information

Original CVE data


A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This leaves sshd vulnerable to a signal handler race condition in the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the sshd server. In the worst case, a successful attack may allow the attacker to perform remote code execution (RCE) as the unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9; upstream versions of sshd are not impacted by this flaw.

CWE: CWE-364
CVSS v2: -
CVSS v3: -
References
https://access.redhat.com/security/cve/CVE-2024-6409
https://bugzilla.redhat.com/show_bug.cgi?id=2295085
http://www.openwall.com/lists/oss-security/2024/07/08/2
https://explore.alas.aws.amazon.com/CVE-2024-6409.html
https://sig-security.rocky.page/issues/CVE-2024-6409/
https://ubuntu.com/security/CVE-2024-6409
https://security-tracker.debian.org/tracker/CVE-2024-6409
http://www.openwall.com/lists/oss-security/2024/07/09/2
http://www.openwall.com/lists/oss-security/2024/07/09/5
https://bugzilla.suse.com/show_bug.cgi?id=1227217
https://www.suse.com/security/cve/CVE-2024-6409.html
https://almalinux.org/blog/2024-07-09-cve-2024-6409/
http://www.openwall.com/lists/oss-security/2024/07/10/1
http://www.openwall.com/lists/oss-security/2024/07/10/2
https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0
Affected Vendors

Basic Analysis

Common vulnerability metrics

Vulnerability type as detected by PRIOnengine

Race condition

CVSS Scores as calculated by PRIOnengine
CVSS v2: 6.8
AV:N/AC:M/AU:N/C:P/I:P/A:P
CVSS v3: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

T1499.004 - Endpoint Denial of Service (Application or System Exploitation)
T1203 - Exploitation for Client Execution
T1059 - Command and Scripting Interpreter

Compliance Impact

How the submitted vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-