openssh-8.7p1-38.el9_4.4

Errata ID: AXSA:2024-8554:06

Release date: Thursday, July 11, 2024 - 10:51
Subject: openssh-8.7p1-38.el9_4.4
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Possible remote code execution due to a race condition in signal handling affecting MIRACLE LINUX 9 (CVE-2024-6409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-6409
A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This leaves sshd vulnerable to a signal handler race condition in the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the sshd server. In the worst case, a successful attack may allow remote code execution (RCE) as the unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9; upstream versions of sshd are not impacted by this flaw.
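
A simplified illustration of the handler pattern described above, added here as an example (it is not sshd's code and not part of this advisory): the unsafe handler calls syslog() directly, while the hardened form only sets a flag and logs after control returns to normal context. The names unsafe_alarm_handler, safe_alarm_handler, grace_expired and wait_for_grace_timeout are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>
#include <unistd.h>
static volatile sig_atomic_t grace_expired; /* only state the handler touches */
/* Unsafe pattern the advisory describes, for contrast (never installed here):
 * syslog() is not async-signal-safe, so it must not run in a handler. */
void unsafe_alarm_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Timeout before authentication");
    _exit(1);
}

/* Hardened form: the handler only records that the timer fired. */
static void safe_alarm_handler(int sig) { (void)sig; grace_expired = 1; }

/* Hypothetical helper: returns 1 once the grace timer fired, -1 on error. */
int wait_for_grace_timeout(long grace_usec)
{
    struct sigaction sa, old_sa;
    sigset_t block, old_mask, wait_mask;
    struct itimerval timer = { .it_value = { grace_usec / 1000000, grace_usec % 1000000 } };
    if (grace_usec <= 0)
        return -1;
    grace_expired = 0;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    /* Keep SIGALRM blocked so it is only delivered inside sigsuspend(). */
    if (sigaction(SIGALRM, &sa, &old_sa) == -1 ||
        sigprocmask(SIG_BLOCK, &block, &old_mask) == -1)
        return -1;
    if (setitimer(ITIMER_REAL, &timer, NULL) == -1)
        return -1;
    wait_mask = old_mask;
    sigdelset(&wait_mask, SIGALRM);
    while (!grace_expired)
        sigsuspend(&wait_mask);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    sigaction(SIGALRM, &old_sa, NULL);
    /* Back in normal context: syslog() is safe to call here. */
    syslog(LOG_INFO, "Timeout before authentication");
    return 1;
}
```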

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-8.7p1-38.el9_4.4.src.rpm
    MD5: 7f13d264820307d97f13e556699b69a2
    SHA-256: 4281f62feacb5609b28b4f23ed819fe434e85c2781d55634afc01bd59d57fc1b
    Size: 2.30 MB

Asianux Server 9 for x86_64
  1. openssh-8.7p1-38.el9_4.4.x86_64.rpm
    MD5: 1e3ccf4c218a45e1ae1e0277284cc47d
    SHA-256: 0dd4d0c36c10b161ea196ff835dd65dc0bd05b8e0018332f76ba7e17f114125e
    Size: 464.15 kB
  2. openssh-askpass-8.7p1-38.el9_4.4.x86_64.rpm
    MD5: 0e295a95c86891137c9e2d56e127fbc3
    SHA-256: 176392c8c3ae8cb59403880a039125c09ba3b3d7fd8ad1803d975fe286569ca7
    Size: 20.59 kB
  3. openssh-clients-8.7p1-38.el9_4.4.x86_64.rpm
    MD5: a160bf465a66de33449ee9ee16a8776b
    SHA-256: ebf4533b268a628f7fff5513158f5ec3b786165fe2be0cda9fd73f5af08d3228
    Size: 718.56 kB
  4. openssh-keycat-8.7p1-38.el9_4.4.x86_64.rpm
    MD5: 0220a468e3ec95b9566387f665afabae
    SHA-256: 00442910aed4558363dfd0a44d81046f7d43c6de4666ad4fa6a24d895dba3701
    Size: 22.07 kB
  5. openssh-server-8.7p1-38.el9_4.4.x86_64.rpm
    MD5: e2875503ed8578d31f4de86dd947ee66
    SHA-256: c90c6f2f60a9ec75af735804719f6292bcec77feea2708c26be1c22e5edc1e80
    Size: 463.39 kB
  6. pam_ssh_agent_auth-0.10.4-5.38.el9_4.4.x86_64.rpm
    MD5: 0e640e5e783990faad5fb31a95306e18
    SHA-256: fb1ade6d28fcdba89a72f8a930c3124669b178f0a115bf2316f9b4ccac87a544
    Size: 68.94 kB