CVE-2024-6409
HIGHCVSS v3
7
HIGH
EPSS Score
76.7%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
Technical Details
- Published
- 7/8/2024
Frequently Asked Questions
What is CVE-2024-6409?
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
Is CVE-2024-6409 actively exploited?
Active exploitation of CVE-2024-6409 has not been confirmed. The EPSS score is 76.7%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-6409?
CVE-2024-6409 has a CVSS v3 base score of 7 (HIGH severity).
Is CVE-2024-6409 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.