ELSA-2024-4457

Опубликовано: 10 июл. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-4457: openssh security update (MODERATE)

[8.7p1-38.0.2.4]

Possible remote code execution due to a race condition (CVE-2024-6409) Resolves: RHEL-45741

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

openssh

8.7p1-38.0.2.el9_4.4

openssh-askpass

8.7p1-38.0.2.el9_4.4

openssh-clients

8.7p1-38.0.2.el9_4.4

openssh-keycat

8.7p1-38.0.2.el9_4.4

openssh-server

8.7p1-38.0.2.el9_4.4

pam_ssh_agent_auth

0.10.4-5.38.0.2.el9_4.4

Oracle Linux x86_64

openssh

8.7p1-38.0.2.el9_4.4

openssh-askpass

8.7p1-38.0.2.el9_4.4

openssh-clients

8.7p1-38.0.2.el9_4.4

openssh-keycat

8.7p1-38.0.2.el9_4.4

openssh-server

8.7p1-38.0.2.el9_4.4

pam_ssh_agent_auth

0.10.4-5.38.0.2.el9_4.4

Связанные CVE

CVE-2024-6409

Ссылки на источники

Связанные уязвимости

CVE-2024-6409

CVSS3: 7

ubuntu

12 месяцев назад

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.