Headline
Gentoo Linux Security Advisory 202407-09
Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.
Gentoo Linux Security Advisory GLSA 202407-09
https://security.gentoo.org/
Severity: High
Title: OpenSSH: Remote Code Execution
Date: July 01, 2024
Bugs: #935271
ID: 202407-09
Synopsis
A vulnerability has been discovered in OpenSSH, which can lead to remote
code execution with root privileges.
Background
OpenSSH is a free application suite consisting of server and clients
that replace tools like telnet, rlogin, rcp and ftp with more secure
versions offering additional functionality.
Affected packages
Package Vulnerable Unaffected
net-misc/openssh < 9.7_p1-r6 >= 9.7_p1-r6
Description
A vulnerability has been discovered in OpenSSH. Please review the CVE
identifier referenced below for details.
Impact
A critical vulnerability in sshd(8) was present in Portable OpenSSH
versions that may allow arbitrary code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to be
possible but has not been demonstrated at this time. It’s likely that
these attacks will be improved upon.
Workaround
There is no known workaround at this time.
Note that Gentoo has backported the fix to the following versions:
net-misc/openssh-9.6_p1-r5
net-misc/openssh-9.7_p1-r6
Resolution
All OpenSSH users should upgrade to the latest version and restart the
sshd server (to ensure access for new sessions and no vulnerable code
keeps running).
emerge --sync
emerge --ask --oneshot --verbose “>=net-misc/openssh-9.7_p1-r6”
With OpenRC:
rc-service sshd restart
With systemD:
systemctl try-restart sshd.service
References
[ 1 ] CVE-2024-6387
https://nvd.nist.gov/vuln/detail/CVE-2024-6387
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202407-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. "A signal handler in sshd(8) may call a logging function
Quay.io is Red Hat’s hosted container registry service that serves enterprise users, open source community projects, and Red Hat customers worldwide. One of the most used features of Quay.io, besides storing and serving container images, is the comprehensive security vulnerability reporting for any uploaded image. Because Red Hat is committed to making open source software more accessible, this functionality is also available on the free tier, provided by the Clair static vulnerability analyzer project.Clair allows users to analyze millions of container images and billions of layers, and pr
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1
Red Hat Security Advisory 2024-4312-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.
Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client