RedHat Linux OpenSSH Security Advisory (CVE-2024-6409)
Overview
A race condition vulnerability has been discovered in the signal handler of sshd, the OpenSSH server provided by Red Hat Linux. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-6409
- OpenSSH Versions: 8.7, 8.8, and portable releases based on those versions [2]
Resolved Vulnerabilities
A signal handler race condition vulnerability in the OpenSSH server (sshd) allows remote code execution (RCE) in the privsep child process (CVE-2024-6409)
The following is a discussion of CVE-2024-6409.
- Exploitation of this vulnerability has not yet been attempted and has not been clearly demonstrated. [2]
- The CNA for this CVE is Red Hat. At the time of issuance, the CVE's CPE data lists only Red Hat family software as affected, but the record does not clearly state that the CVE affects only Red Hat's OpenSSH sshd at the time of publication. [3], [4]
Vulnerability Patches
CVE-2024-6409
- Red Hat OpenSSH Package: openssh-7.6p1-audit.patch
- Red Hat notes that this only affects the sshd server shipped with Red Hat Enterprise Linux 9, and that upstream versions of sshd are not affected. [5]
Vulnerability Workaround
If you are unable to update sshd(8), you can mitigate this signal handler race condition by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). This leaves sshd(8) vulnerable to a denial of service (exhausting all MaxStartups connections), but safe from the remote code execution presented in this advisory.
The following are the steps to mitigate the vulnerability:
1) Open /etc/ssh/sshd_config as the root user.
2) Add or edit the parameter configuration.
- LoginGraceTime 0
3) Save and close the file.
4) Restart the sshd daemon.
- systemctl restart sshd.service
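An added example for steps 1 to 4 (not part of the original advisory): sshd_config uses the first value it reads for a keyword, and a line appended after a Match block is read as part of that block, so the script below writes LoginGraceTime 0 as the first line and comments out any other setting. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the LoginGraceTime 0 workaround to an sshd_config file
# so that it takes effect regardless of earlier settings in that file.

# effective_grace FILE: print the first LoginGraceTime value in FILE
# (keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse).
effective_grace() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line); split(line, f, "[ \t=]+")
           if (tolower(f[1]) == "logingracetime") { print f[2]; found = 1; exit } }
         END { if (!found) print "unset" }' "$1"
}

# apply_workaround FILE: put "LoginGraceTime 0" on line 1 (ahead of any Include
# or Match line), comment out every other LoginGraceTime line, keep FILE.bak.
apply_workaround() {
    cfg=$1
    # Already applied: the first line wins, nothing to do.
    [ "$(head -n 1 "$cfg")" = "LoginGraceTime 0" ] && return 0
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    {
        echo "LoginGraceTime 0"
        awk '{ line = $0; sub(/^[ \t]+/, "", line); split(line, f, "[ \t=]+")
               if (tolower(f[1]) == "logingracetime") print "#" $0; else print }' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing inode so owner, mode and SELinux label are kept.
    cp -p "$cfg" "${cfg}.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file, not the live /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
              'logingracetime=120' \
              'Match User backup' \
              '    X11Forwarding no' > "$demo"
echo "before: $(effective_grace "$demo")"
apply_workaround "$demo"
echo "after:  $(effective_grace "$demo")"
rm -f "$demo" "$demo.bak"
```

On a real host, run apply_workaround /etc/ssh/sshd_config as root, validate the file with sshd -t before restarting, and confirm the running value with sshd -T | grep -i logingracetime.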
References
[1] CVE-2024-6409 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-6409
[2] Openwall
https://www.openwall.com/lists/oss-security/2024/07/08/2
[3] Openwall
https://www.openwall.com/lists/oss-security/2024/07/09/2
[4] Openwall
https://www.openwall.com/lists/oss-security/2024/07/09/5
[5] Red Hat
https://access.redhat.com/security/cve/CVE-2024-6409