CVE-2024-6409

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-364
View all →

Vulnerability Description

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Related Vulnerabilities

CVE-2023-1285

MEDIUM
CVSS:5.9(Medium)

Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a...

CWE-3642023

CVE-2023-5676

MEDIUM
CVSS:5.9(Medium)

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the ...

CWE-3642023

CVE-2024-6387

HIGH
CVSS:8.1(High)

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote at...

CWE-3642024

CVE-2019-3805

MEDIUM
CVSS:5.5(Medium)

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploi...

CWE-3642019

CVE-2020-14317

MEDIUM
CVSS:5.5(Medium)

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attac...

CWE-3642020

CVE-2024-6387

HIGH
CVSS:8.1(High)

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote at...

CWE-3642024