CVE-2024-6409 - Vulnerability Details

CVE-2024-6409 - Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.7846.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Openshift Rhel E4s Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
openssh-0:8.7p1-38.el9_4.4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:4457	2024-07-10T00:00:00Z
openssh-0:8.7p1-38.el9_4.4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4457	2024-07-10T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
openssh-0:8.7p1-12.el9_0.3	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:4910	2024-07-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
openssh-0:8.7p1-30.el9_2.7	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4716	2024-07-23T00:00:00Z
Red Hat OpenShift Container Platform 4.13
rhcos-413.92.202408122222-0	cpe:/a:redhat:openshift:4.13::el9	RHSA-2024:5444	2024-08-22T00:00:00Z
Red Hat OpenShift Container Platform 4.14
rhcos-414.92.202407300859-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2024:4960	2024-08-07T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202407301159-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2024:4955	2024-08-07T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202407171205-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2024:4613	2024-07-24T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

The process is identical to CVE-2024-6387, by disabling LoginGraceTime. See that CVE page for additional details.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/08/2
http://www.openwall.com/lists/oss-security/2024/07/09/2
http://www.openwall.com/lists/oss-security/2024/07/09/5
http://www.openwall.com/lists/oss-security/2024/07/10/1
http://www.openwall.com/lists/oss-security/2024/07/10/2
https://access.redhat.com/errata/RHSA-2024:4457
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4716
https://access.redhat.com/errata/RHSA-2024:4910
https://access.redhat.com/errata/RHSA-2024:4955
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5444
https://access.redhat.com/security/cve/CVE-2024-6409
https://almalinux.org/blog/2024-07-09-cve-2024-6409/
https://bugzilla.redhat.com/show_bug.cgi?id=2295085
https://bugzilla.suse.com/show_bug.cgi?id=1227217
https://explore.alas.aws.amazon.com/CVE-2024-6409.html
https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0
https://nvd.nist.gov/vuln/detail/CVE-2024-6409
https://security-tracker.debian.org/tracker/CVE-2024-6409
https://security.netapp.com/advisory/ntap-20240712-0003/
https://sig-security.rocky.page/issues/CVE-2024-6409/
https://ubuntu.com/security/CVE-2024-6409
https://www.cve.org/CVERecord?id=CVE-2024-6409
https://www.suse.com/security/cve/CVE-2024-6409.html

History

Thu, 22 May 2025 19:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Sun, 24 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 22 Aug 2024 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2024:5444

Wed, 07 Aug 2024 16:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9
References		https://access.redhat.com/errata/RHSA-2024:4960

Wed, 07 Aug 2024 04:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9
References		https://access.redhat.com/errata/RHSA-2024:4955

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-07-08T17:57:10.517Z

Updated: 2025-08-30T22:46:40.947Z

Reserved: 2024-06-28T18:10:24.954Z

Link: CVE-2024-6409

Vulnrichment

Updated: 2024-08-01T21:41:03.399Z

NVD

Status : Awaiting Analysis

Published: 2024-07-08T18:15:09.487

Modified: 2024-11-21T09:49:35.850

Link: CVE-2024-6409

Redhat

Severity : Moderate

Publid Date: 2024-07-08T17:45:07Z

Links: CVE-2024-6409 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object