Security News > 2024 > July > New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution.
The vulnerability, tracked as CVE-2024-6409, is distinct from CVE-2024-6387 and relates to a case of code execution in the privsep child process due to a race condition in signal handling.
"The main difference from CVE-2024-6387 is that the race condition and RCE potential are triggered in the privsep child process, which runs with reduced privileges compared to the parent server process," Peslyak said.
It's worth noting that the signal handler race condition vulnerability is the same as CVE-2024-6387, wherein if a client does not authenticate within LoginGraceTime seconds, then the OpenSSH daemon process' SIGALRM handler is called asynchronously, which then invokes various functions that are not async-signal-safe.
"This issue leaves it vulnerable to a signal handler race condition on the cleanup exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server," according to the vulnerability description.
"As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution within unprivileged user running the sshd server."
News URL
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html
Related news
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)
- Apache fixes remote code execution bypass in Tomcat web server (source)
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-08 | CVE-2024-6409 | A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). | 0.0 |
2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |