PT-2024-4669 · Openssh+3

Solar Designer · Published 2024-07-08 · Updated 2026-03-10 · CVE-2024-6409

CVSS v3.1: 7.0 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 8.7 and 8.8

Description: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog(). In the worst case, a successful attack may allow remote code execution (RCE) as the unprivileged user running the sshd server. The vulnerability affects OpenSSH versions 8.7 and 8.8, including their corresponding portable releases, and is estimated to potentially affect over 98 million systems.

Recommendations: To resolve the issue for OpenSSH versions 8.7 and 8.8, set the LoginGraceTime parameter to 0 in the sshd configuration. This method effectively blocks the vulnerability. Additionally, updating to a newer version of OpenSSH that includes the fix for this vulnerability is recommended. AlmaLinux 9 has released a patch for this vulnerability.
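
One way to check a host against the version range and workaround described above, as an added example that is not part of the advisory or of OpenSSH. The function name `classify_sshd`, its three result strings and the sample inputs are constructed for illustration; it assumes the version banner has the `OpenSSH_8.7p1` form and the configuration text is in `sshd -T` format.

```shell
#!/bin/sh
# Added example: classify a host against the advisory's version range and workaround.
# classify_sshd BANNER EFFECTIVE_CONFIG
#   BANNER            version string such as "OpenSSH_8.7p1, ..." (format printed by `ssh -V`)
#   EFFECTIVE_CONFIG  text in `sshd -T` format: lowercase keyword, then value in seconds
# Prints: not-in-range | workaround-set | review
classify_sshd() {
    banner=$1
    config=$2

    # Pull "major.minor" out of the banner; empty if the banner is unparseable.
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)

    case "$ver" in
        8.7|8.8) ;;                          # versions named in the advisory
        "")      echo "review"; return 0 ;;  # unknown version: do not guess
        *)       echo "not-in-range"; return 0 ;;
    esac

    # Effective pre-authentication deadline in seconds.
    grace=$(printf '%s\n' "$config" |
        awk 'tolower($1) == "logingracetime" { print $2; exit }')

    if [ "$grace" = "0" ]; then
        echo "workaround-set"
    else
        # In range without the workaround: confirm the vendor fix
        # (for example via the distribution's advisory) before closing.
        echo "review"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER_87='OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022'
SAMPLE_BANNER_96='OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024'
SAMPLE_CFG_DEFAULT='port 22
logingracetime 120
maxstartups 10:30:100'
SAMPLE_CFG_WORKAROUND='port 22
logingracetime 0
maxstartups 10:30:100'

# Live use (usually needs root for sshd -T; assumes ssh and sshd come from the same package):
#   classify_sshd "$(ssh -V 2>&1)" "$(sshd -T 2>/dev/null)"
classify_sshd "$SAMPLE_BANNER_87" "$SAMPLE_CFG_DEFAULT"      # review
classify_sshd "$SAMPLE_BANNER_87" "$SAMPLE_CFG_WORKAROUND"   # workaround-set
classify_sshd "$SAMPLE_BANNER_96" "$SAMPLE_CFG_DEFAULT"      # not-in-range
```

With LoginGraceTime set to 0 sshd no longer drops connections that never authenticate, so the MaxStartups limit becomes the only bound on how many such connections can be held open.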

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2024:4457
BDU:2024-05181
CVE-2024-6409
INFSA-2024_4457
OESA-2024-1870
OESA-2024-1871
OESA-2024-1872
RHSA-2024:4457
RHSA-2024:4716
RHSA-2024:4910
RHSA-2024_4457
RLSA-2024:4457

Affected Products

Almalinux
Openssh
Red Hat
Rocky Linux