Advisory

Second OpenSSH flaw discovered similar to regreSSHion but with lower impact

Take action: One more thing to check in your SSH servers. This flaw is less critical, but hackers will still find a way to exploit it. Plan to isolate systems, apply mitigations and patch. Also expect many vendors whose products ship SSHD to report them as vulnerable and then as patched.


Learn More

Security researchers are reporting a second vulnerability in OpenSSH, following the regreSSHion report (CVE-2024-6387).

The second vulnerability, tracked as CVE-2024-6409 (CVSS score 7), is a new race condition in the privsep child process of SSHD. It lies in the grace_alarm_handler() function, which improperly calls cleanup_exit() from within a signal handler. The race condition and RCE potential are triggered in the privilege separation (privsep) child process, which runs with reduced privileges. The vulnerability is similar to regreSSHion but limited to the child process.

Affected systems are OpenSSH versions 8.7 and 8.8, including certain downstream patches such as openssh-7.6p1-audit.patch in Red Hat's package.

The issue is fixed in version 8.7p1-38.1.el9_4.security.0.7, available July 8, 2024. Ensure that all affected systems are updated with the latest patches. As a mitigating measure, set LoginGraceTime to 0, which helps prevent exploitation of this and similar vulnerabilities.
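One way to check a host against the two points above (the LoginGraceTime mitigation and the affected upstream version range), as an added example that is not part of this advisory or of OpenSSH's own tooling. It reads sshd_config text, or the output of `sshd -T` (which prints the effective settings in lowercase), using sshd's first-value-wins rule and its time format, and takes the version from a string such as `OpenSSH_8.7p1` or a server banner; the sample config and banner below are constructed. Two points to keep in mind when using it: LoginGraceTime 0 removes the authentication timeout altogether, so unauthenticated connections are no longer reaped and the fixed package remains the lasting fix; and, since the advisory notes that vendor backports such as Red Hat's carry the flaw, a version outside 8.7/8.8 is not proof that a host is safe, which is why the result carries both facts separately.

```python
"""Assess an sshd configuration and OpenSSH version string for the
CVE-2024-6409 mitigation (LoginGraceTime 0) and the affected upstream
version range named in the advisory.

Example code added to this advisory, not OpenSSH's or the vendor's tooling.
"""
import re

# OpenSSH's default when LoginGraceTime is absent: 2 minutes.
DEFAULT_LOGIN_GRACE = 120
# Upstream versions the advisory names as affected, as (major, minor).
AFFECTED_UPSTREAM = {(8, 7), (8, 8)}

# sshd time-format suffixes; a bare number means seconds.
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_sshd_time(value):
    """Convert an sshd time value ("0", "120", "2m", "1h30m") to seconds."""
    value = value.strip().lower()
    if not re.fullmatch(r"(\d+[smhdw]?)+", value):
        raise ValueError(f"bad sshd time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))


def effective_login_grace(config_text):
    """Return the LoginGraceTime sshd would apply for config_text, in seconds.

    sshd keeps the first value it reads for a keyword, ignores comment lines
    and matches keywords case-insensitively, so the scan does the same.
    LoginGraceTime is not permitted inside a Match block, so anything after
    the first Match line cannot set it.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if key == "logingracetime" and len(parts) == 2:
            return parse_sshd_time(parts[1])
    return DEFAULT_LOGIN_GRACE


def openssh_version(banner):
    """Extract (major, minor) from "OpenSSH_8.7p1" or "SSH-2.0-OpenSSH_8.8";
    None when the string is not an OpenSSH version."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(config_text, banner):
    """Combine both checks into one result dict.

    grace_mitigated: with LoginGraceTime 0 sshd never arms the SIGALRM that
    runs grace_alarm_handler(), so the signal-handler race cannot be reached.
    version_affected: upstream 8.7/8.8 only; vendor backports still need the
    package version compared against the vendor's fixed release.
    """
    grace = effective_login_grace(config_text)
    version = openssh_version(banner)
    return {
        "login_grace_seconds": grace,
        "grace_mitigated": grace == 0,
        "version": version,
        "version_affected": version in AFFECTED_UPSTREAM,
    }


# Constructed sshd_config excerpt: the commented line is ignored, the first
# live LoginGraceTime wins, and the later one is disregarded by sshd.
SAMPLE_CONFIG = """\
# constructed sshd_config excerpt for this example
Port 22
#LoginGraceTime 2m
LoginGraceTime 0
LoginGraceTime 2m
Match User backup
    PasswordAuthentication no
"""

# Constructed version string in the shape of `sshd -V` / `ssh -V` output.
SAMPLE_BANNER = "OpenSSH_8.7p1, OpenSSL 3.0.7"

if __name__ == "__main__":
    # Typical use: assess(open("/etc/ssh/sshd_config").read(), <version string>)
    for key, val in assess(SAMPLE_CONFIG, SAMPLE_BANNER).items():
        print(f"{key}: {val}")
```

For a running host, feed `effective_login_grace` the output of `sshd -T`, which already folds in every included file and reports the keyword as `logingracetime`, rather than parsing sshd_config by hand.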
