CVE-2024-6409

2024-07-0818:15:09

Debian Security Bug Tracker

security-tracker.debian.org

openssh

vulnerability

race condition

signal handler

server

sshd

unprivileged child

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

13.8%

JSON

A race condition vulnerability was discovered in how signals are handled by OpenSSH’s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssh< 1:9.2p1-2+deb12u3openssh_1:9.2p1-2+deb12u3_all.deb
Debian11allopenssh< 1:8.4p1-5+deb11u3openssh_1:8.4p1-5+deb11u3_all.deb
Debian999allopenssh< 1:9.8p1-8openssh_1:9.8p1-8_all.deb
Debian13allopenssh< 1:9.8p1-8openssh_1:9.8p1-8_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssh	< 1:9.2p1-2+deb12u3	openssh_1:9.2p1-2+deb12u3_all.deb
Debian	11	all	openssh	< 1:8.4p1-5+deb11u3	openssh_1:8.4p1-5+deb11u3_all.deb
Debian	999	all	openssh	< 1:9.8p1-8	openssh_1:9.8p1-8_all.deb
Debian	13	all	openssh	< 1:9.8p1-8	openssh_1:9.8p1-8_all.deb