ubuntucve | Ubuntu.com | UB:CVE-2024-6409
Jul 08, 2024 - 12:00 a.m.

CVE-2024-6409

Tags: cve-2024-6409, race condition, openssh, privsep, cleanup_exit, do_cleanup, authentication

CVSS3: 7
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 7.9
Confidence: High

EPSS: 0
Percentile: 13.8%

A race condition vulnerability was discovered in how signals are handled by
OpenSSH’s server (sshd). If a remote attacker does not authenticate within
a set time period, then sshd’s SIGALRM handler is called asynchronously.
However, this signal handler calls various functions that are not
async-signal-safe, for example, syslog(). As a consequence of a successful
attack, in the worst case scenario, an attacker may be able to perform a
remote code execution (RCE) as an unprivileged user running the sshd
server.

Notes

seth-arnold: openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment.

sbeattie: Potential issue appears to have only been present in openssh 8.7p1 and 8.8p1, versions not present in currently supported Ubuntu releases.
