openssh-8.7p1-38.el9_4.4
エラータID: AXSA:2024-8554:06
リリース日:
2024/07/11 Thursday - 10:51
題名:
openssh-8.7p1-38.el9_4.4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSH の sshd の cleanup_exit() 関数には、SIGALRM シグナル
ハンドラーのレースコンディションに起因して非同期シグナルセーフ
となっていないシステムコールをシグナルハンドラーから呼び出して
しまう問題があるため、リモートの攻撃者により、SSH クライアント
から LoginGraceTime 値に設定した時間以内に認証をしないように
することを介して、任意のコードの実行、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2024-6409)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6409
A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.
A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.
追加情報:
N/A
ダウンロード:
SRPMS
- openssh-8.7p1-38.el9_4.4.src.rpm
MD5: 7f13d264820307d97f13e556699b69a2
SHA-256: 4281f62feacb5609b28b4f23ed819fe434e85c2781d55634afc01bd59d57fc1b
Size: 2.30 MB
Asianux Server 9 for x86_64
- openssh-8.7p1-38.el9_4.4.x86_64.rpm
MD5: 1e3ccf4c218a45e1ae1e0277284cc47d
SHA-256: 0dd4d0c36c10b161ea196ff835dd65dc0bd05b8e0018332f76ba7e17f114125e
Size: 464.15 kB - openssh-askpass-8.7p1-38.el9_4.4.x86_64.rpm
MD5: 0e295a95c86891137c9e2d56e127fbc3
SHA-256: 176392c8c3ae8cb59403880a039125c09ba3b3d7fd8ad1803d975fe286569ca7
Size: 20.59 kB - openssh-clients-8.7p1-38.el9_4.4.x86_64.rpm
MD5: a160bf465a66de33449ee9ee16a8776b
SHA-256: ebf4533b268a628f7fff5513158f5ec3b786165fe2be0cda9fd73f5af08d3228
Size: 718.56 kB - openssh-keycat-8.7p1-38.el9_4.4.x86_64.rpm
MD5: 0220a468e3ec95b9566387f665afabae
SHA-256: 00442910aed4558363dfd0a44d81046f7d43c6de4666ad4fa6a24d895dba3701
Size: 22.07 kB - openssh-server-8.7p1-38.el9_4.4.x86_64.rpm
MD5: e2875503ed8578d31f4de86dd947ee66
SHA-256: c90c6f2f60a9ec75af735804719f6292bcec77feea2708c26be1c22e5edc1e80
Size: 463.39 kB - pam_ssh_agent_auth-0.10.4-5.38.el9_4.4.x86_64.rpm
MD5: 0e640e5e783990faad5fb31a95306e18
SHA-256: fb1ade6d28fcdba89a72f8a930c3124669b178f0a115bf2316f9b4ccac87a544
Size: 68.94 kB
English