Users of Fedora and RHEL have been notified about a security vulnerability in OpenSSH.

Alert Issued to Fedora and RHEL Consumers regarding an OpenSSH Security Weakness

Recently, users of Fedora and Red Hat Enterprise Linux (RHEL) have been informed about a security loophole present in OpenSSH. This vulnerability, identified as CVE-2024-6409, has spurred concerns within various Linux distributions utilizing glibc. The discovery of this security flaw was made during an examination of findings conducted by the Qualys Security team.

The specific impact of this vulnerability targets OpenSSH versions 8.7 and 8.8, along with their respective portable releases.

The root of this problem stems from a race condition in managing signals within the privileged separation child process of OpenSSH. The issue manifests when the function cleanup_exit(), which was not intended for invocation from a signal handler, is triggered by grace_alarm_handler().

This misuse could inadvertently activate other risky functions during signal handling, particularly when modified by downstream distribution patches.

The severity of this vulnerability is accentuated by the fact that it was introduced via a patch discovered in Red Hat’s OpenSSH package, specifically the openssh-7.6p1-audit.patch.

This patch has implications not just for Red Hat Enterprise Linux (RHEL) 9 and its branches, but also for Fedora versions 36 and 37 and certain updates to version 35.

Although Fedora has upgraded to newer editions of OpenSSH in its recent releases (38 and higher), which do not include the problematic cleanup_exit() call, the older versions remain susceptible.

CVE-2024-6409 is distinct from a previously documented vulnerability, CVE-2024-6387, as the latest issue is triggered within a process with diminished privileges.

Fortunately, this factor limits the immediate impact of the vulnerability; however, the potential for exploitation remains, particularly if all associated vulnerabilities are not concurrently remedied.

Security professionals have recommended mitigation measures like setting “LoginGraceTime” to zero, which is efficacious against both CVE-2024-6387 and CVE-2024-6409. Another safeguard, the “-e” option, solely combats CVE-2024-6387.

Security analysts emphasize the significance of promptly updating impacted systems and advise users to promptly implement patches as they are released to alleviate the risks linked to these vulnerabilities.

For further insights into the recently discovered OpenSSH vulnerability, refer to this resource.

🤞 Don’t miss these tips!

Share it

🤞 Don’t miss these tips!

Solverwp- WordPress Theme and Plugin