Security News > 2024 > July > New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution.

The vulnerability, tracked as CVE-2024-6409, is distinct from CVE-2024-6387 and relates to a case of code execution in the privsep child process due to a race condition in signal handling.

"The main difference from CVE-2024-6387 is that the race condition and RCE potential are triggered in the privsep child process, which runs with reduced privileges compared to the parent server process," Peslyak said.

It's worth noting that the signal handler race condition vulnerability is the same as CVE-2024-6387, wherein if a client does not authenticate within LoginGraceTime seconds, then the OpenSSH daemon process' SIGALRM handler is called asynchronously, which then invokes various functions that are not async-signal-safe.

"This issue leaves it vulnerable to a signal handler race condition on the cleanup exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server," according to the vulnerability description.

"As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution within unprivileged user running the sshd server."

News URL

https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html