CVE-2024-6409: Signal Handler Race Condition in OpenSSH

Severity: 7.0 HIGH (NVD)
EPSS: 76.4% (top 1.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8 | Latest update Mar 27

Description

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running th

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 2.2 | Impact: 4.7

Affected Packages: 2 packages

Palo Alto: paloalto/pan-os

🔴 Vulnerability Details (2)

GHSA: GHSA-79hg-h6r6-64mm: A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (2024-07-08)
VulnCheck: GNU grub2 Signal Handler Race Condition (2024)

🔍 Detection Rules (1)

Suricata: ET INFO Server Responded with Vulnerable OpenSSH Version (CVE-2024-6409) (2024-07-09)

📋 Vendor Advisories (3)

Palo Alto: PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS (2025-02-12)
Red Hat: openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 (2024-07-08)
Debian: CVE-2024-6409: openssh - A race condition vulnerability was discovered in how signals are handled by Open... (2024)

🕵️ Threat Intelligence (8)

Zscaler: CVE-2025-29927: Next.js Middleware Flaw | ThreatLabz (2025-03-27)
Zscaler: CVE-2024-6387 & CVE-2024-6409 | ThreatLabz (2024-08-05)
Trendmicro: The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409 (2024-07-17)