Fedora and RHEL Users Alerted to OpenSSH Vulnerability

A new vulnerability, CVE-2024-6409, in OpenSSH versions 8.7 and 8.8 risks remote code execution; Fedora 36/37 and RHEL 9 are affected.

A newly disclosed vulnerability in OpenSSH, CVE-2024-6409, has raised concerns across multiple Linux distributions using glibc. The security flaw, which could potentially allow remote code execution, was discovered during a review of findings by the Qualys Security team.

The vulnerability specifically affects OpenSSH versions 8.7 and 8.8 and their corresponding portable releases.

This issue arises from a race condition in signal handling in the privsep (privilege separation) child process of OpenSSH. The problem occurs when cleanup_exit(), a function not designed to be called from a signal handler, is invoked from grace_alarm_handler().

In that context, cleanup_exit() may end up calling other functions that are not safe to run during signal handling, particularly where downstream distribution patches have altered it.

The impact of this vulnerability is underscored by the fact that it was introduced via a patch found in Red Hat’s package of OpenSSH, notably the “openssh-7.6p1-audit.patch.”

This patch affects not only Red Hat Enterprise Linux (RHEL) 9 and its derivatives but also Fedora versions 36 and 37 and some updates to version 35.

Although Fedora has transitioned to newer versions of OpenSSH in its latest releases (38 and above), which do not contain the problematic cleanup_exit() call, the legacy versions remain vulnerable.

CVE-2024-6409 notably differs from a previously disclosed vulnerability, CVE-2024-6387, in that the new issue is triggered in a process with reduced privileges.

Luckily, this fact limits the vulnerability’s immediate impact; however, the potential for exploitation still exists, especially if not all related vulnerabilities are simultaneously addressed.

Security experts have suggested mitigation strategies such as setting OpenSSH’s “LoginGraceTime” option to zero, which is effective against both CVE-2024-6387 and CVE-2024-6409. Another mitigation, the “-e” option, is only effective against CVE-2024-6387.

For more information about the newly found OpenSSH vulnerability, check out this link.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
