CVE-2024-6409 Information

Description

A signal handler race condition vulnerability was found in OpenSSH’s server (sshd) where a client does not authenticate within LoginGraceTime seconds (120 by default 600 in old OpenSSH versions) then sshd’s SIGALRM handler is called asynchronously. However this signal handler calls various functions that are not async-signal-safe for example syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server.

Reference

https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 http://www.openwall.com/lists/oss-security/2024/07/08/2