Bug 2295085 (CVE-2024-6409) - CVE-2024-6409 openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 [NEEDINFO]
Summary: CVE-2024-6409 openssh: Possible remote code execution due to a race condition...
Keywords:
Status: NEW
Alias: CVE-2024-6409
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2295179
Reported: 2024-07-01 23:12 UTC by Marco Benatto
Modified: 2025-01-27 10:43 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:
oarribas: needinfo? (mbenatto)


Links
System                          ID              Private  Priority  Status  Summary  Last Updated
Red Hat Knowledge Base (Solution)  7077080      0        None      None    None     2024-07-16 08:53:52 UTC
Red Hat Product Errata          RHBA-2024:4489  0        None      None    None     2024-07-11 08:10:14 UTC
Red Hat Product Errata          RHBA-2024:4512  0        None      None    None     2024-07-11 14:12:19 UTC
Red Hat Product Errata          RHBA-2024:4531  0        None      None    None     2024-07-15 01:12:12 UTC
Red Hat Product Errata          RHBA-2024:4685  0        None      None    None     2024-07-22 06:12:34 UTC
Red Hat Product Errata          RHBA-2024:4833  0        None      None    None     2024-07-24 13:55:43 UTC
Red Hat Product Errata          RHBA-2024:4985  0        None      None    None     2024-08-01 21:25:36 UTC
Red Hat Product Errata          RHSA-2024:4457  0        None      None    None     2024-07-10 13:52:40 UTC
Red Hat Product Errata          RHSA-2024:4613  0        None      None    None     2024-07-24 18:53:50 UTC
Red Hat Product Errata          RHSA-2024:4716  0        None      None    None     2024-07-23 08:43:03 UTC
Red Hat Product Errata          RHSA-2024:4910  0        None      None    None     2024-07-30 08:47:08 UTC
Red Hat Product Errata          RHSA-2024:4955  0        None      None    None     2024-08-07 01:16:40 UTC
Red Hat Product Errata          RHSA-2024:4960  0        None      None    None     2024-08-07 10:52:26 UTC
Red Hat Product Errata          RHSA-2024:5444  0        None      None    None     2024-08-22 11:43:40 UTC

Description Marco Benatto 2024-07-01 23:12:07 UTC
The OpenSSH version as shipped with Red Hat Enterprise Linux 9 is vulnerable to a signal handler race condition in the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. This vulnerability only affects the versions of OpenSSH shipped with Red Hat Enterprise Linux 9.

Comment 5 errata-xmlrpc 2024-07-10 13:52:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4457 https://access.redhat.com/errata/RHSA-2024:4457

Comment 9 errata-xmlrpc 2024-07-23 08:43:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4716 https://access.redhat.com/errata/RHSA-2024:4716

Comment 10 errata-xmlrpc 2024-07-24 18:53:47 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:4613 https://access.redhat.com/errata/RHSA-2024:4613

Comment 12 errata-xmlrpc 2024-07-30 08:47:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4910 https://access.redhat.com/errata/RHSA-2024:4910

Comment 13 errata-xmlrpc 2024-08-07 01:16:36 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:4955 https://access.redhat.com/errata/RHSA-2024:4955

Comment 14 errata-xmlrpc 2024-08-07 10:52:24 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:4960 https://access.redhat.com/errata/RHSA-2024:4960

Comment 15 errata-xmlrpc 2024-08-22 11:43:36 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:5444 https://access.redhat.com/errata/RHSA-2024:5444
