7
CVE-2024-6409
- EPSS 76.4%
- Veröffentlicht 08.07.2024 18:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://www.openssh.com/
≫
Paket
OpenSSH
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version
0:8.7p1-38.el9_4.4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version
0:8.7p1-38.el9_4.4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version
0:8.7p1-12.el9_0.3
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.2 Extended Update Support
Default Statusaffected
Version
0:8.7p1-30.el9_2.7
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4.13
Default Statusaffected
Version
413.92.202408122222-0
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version
414.92.202407300859-0
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version
415.92.202407301159-0
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version
416.94.202407171205-0
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 76.4% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
|
CWE-364 Signal Handler Race Condition
The product uses a signal handler that introduces a race condition.