7.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): HIGH
OpenSSH: possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog(). In the worst-case scenario, a successful attack may allow the attacker to perform remote code execution (RCE) as an unprivileged user running the sshd server.
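The handler pattern described above, next to a hardened form, as an added example that is not OpenSSH code: the handler only sets a `sig_atomic_t` flag, and logging happens after the wait returns. The names `unsafe_grace_handler`, `safe_grace_handler` and `wait_for_grace_expiry` and the log message are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>
#include <unistd.h>

static volatile sig_atomic_t grace_expired = 0; /* flag a handler may set */

/* UNSAFE, shown for contrast and never installed: syslog() is not
 * async-signal-safe, so a SIGALRM that interrupts malloc()/free() makes
 * this handler re-enter a heap in an inconsistent state. */
void unsafe_grace_handler(int sig) {
    (void)sig;
    syslog(LOG_INFO, "login grace time expired (constructed message)");
    _exit(1);
}

/* Hardened: record the event and return; no locks, no allocation. */
static void safe_grace_handler(int sig) { (void)sig; grace_expired = 1; }

/* Hypothetical helper: arm a grace timer, sleep until it fires, then log
 * from normal context. Returns 1 on expiry, -1 on setup failure. */
int wait_for_grace_expiry(long ms) {
    struct sigaction sa;
    struct itimerval it = { {0, 0}, {0, 0} };
    sigset_t block, old, waitmask;
    if (ms <= 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    /* Block SIGALRM before arming so it can only be delivered inside
     * sigsuspend(): the flag test and the sleep cannot be split. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old) != 0) return -1;
    waitmask = old;
    sigdelset(&waitmask, SIGALRM);
    grace_expired = 0;
    it.it_value.tv_sec = ms / 1000;
    it.it_value.tv_usec = (ms % 1000) * 1000;
    if (setitimer(ITIMER_REAL, &it, NULL) != 0) {
        sigprocmask(SIG_SETMASK, &old, NULL);
        return -1;
    }
    while (!grace_expired) sigsuspend(&waitmask);
    sigprocmask(SIG_SETMASK, &old, NULL);
    syslog(LOG_INFO, "login grace time expired (constructed message)");
    return 1; /* syslog() above ran in normal context, where it is safe */
}
```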
References
- http://www.openwall.com/lists/oss-security/2024/07/08/2
- http://www.openwall.com/lists/oss-security/2024/07/09/2
- http://www.openwall.com/lists/oss-security/2024/07/09/5
- http://www.openwall.com/lists/oss-security/2024/07/10/1
- http://www.openwall.com/lists/oss-security/2024/07/10/2
- https://almalinux.org/blog/2024-07-09-cve-2024-6409/
- https://bugzilla.suse.com/show_bug.cgi?id=1227217
- https://explore.alas.aws.amazon.com/CVE-2024-6409.html
- https://security.netapp.com/advisory/ntap-20240712-0003/
- https://sig-security.rocky.page/issues/CVE-2024-6409/
- https://ubuntu.com/security/CVE-2024-6409
- https://www.suse.com/security/cve/CVE-2024-6409.html
Affected products
- *
- *
Matching in nixpkgs
- pkgs.openssh: Implementation of the SSH protocol
- pkgs.opensshTest: Implementation of the SSH protocol
- pkgs.openssh_hpn: Implementation of the SSH protocol with high performance networking patches
- pkgs.openssh_gssapi: Implementation of the SSH protocol with GSSAPI support
- pkgs.opensshWithKerberos: Implementation of the SSH protocol
- pkgs.openssh_hpnWithKerberos: Implementation of the SSH protocol with high performance networking patches
- pkgs.lxqt.lxqt-openssh-askpass: GUI to query passwords on behalf of SSH agents
- pkgs.perl538Packages.NetOpenSSH: Perl SSH client package implemented on top of OpenSSH
- pkgs.perl540Packages.NetOpenSSH: Perl SSH client package implemented on top of OpenSSH
Package maintainers
- @romildo José Romildo Malaquias <malaquias@gmail.com>
- @dasJ Janne Heß <janne@hess.ooo>
- @Conni2461 Simon Hauser <simon-hauser@outlook.com>
- @helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
- @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
- @wahjava Ashish SHUKLA <ashish.is@lostca.se>