A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
Metrics
Affected Vendors & Products
References
History
Sun, 24 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9 |
|
References |
|
Wed, 07 Aug 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
References |
|
Wed, 07 Aug 2024 04:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-07-08T17:57:10.517Z
Updated: 2024-11-24T17:26:14.437Z
Reserved: 2024-06-28T18:10:24.954Z
Link: CVE-2024-6409
Vulnrichment
Updated: 2024-08-01T21:41:03.399Z
NVD
Status : Awaiting Analysis
Published: 2024-07-08T18:15:09.487
Modified: 2024-11-21T09:49:35.850
Link: CVE-2024-6409
Redhat