openEuler 22.03 LTS SP4 update for openssh

Published: 2024-07-21

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-6409
CWE-ID	CWE-362
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system openssh-help Operating systems & Components / Operating system package or component pam_ssh_agent_auth Operating systems & Components / Operating system package or component openssh-server Operating systems & Components / Operating system package or component openssh-keycat Operating systems & Components / Operating system package or component openssh-debugsource Operating systems & Components / Operating system package or component openssh-debuginfo Operating systems & Components / Operating system package or component openssh-clients Operating systems & Components / Operating system package or component openssh-askpass Operating systems & Components / Operating system package or component openssh Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Race condition

EUVDB-ID: #VU94522

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6409

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition in portable version of sshd when handling signals. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. A remote non-authenticated attacker can send a series of requests in order to trigger a race condition and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

openssh-help: before 8.8p1-32

pam_ssh_agent_auth: before 0.10.4-4.32

openssh-server: before 8.8p1-32

openssh-keycat: before 8.8p1-32

openssh-debugsource: before 8.8p1-32

openssh-debuginfo: before 8.8p1-32

openssh-clients: before 8.8p1-32

openssh-askpass: before 8.8p1-32

openssh: before 8.8p1-32

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1872

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.