IB specialists have discovered a new vulnerability in the Openssh packages, which are part of the composition of Red Hat Enterprise Linux 9 (RHEL 9). This vulnerability, identified as CVE-2024-6409, allows attackers to execute code on remote servers without authentication. The issue also affects packages for Fedora Linux 36 and 37.
The vulnerability stems from a Race Condition in the Sigalrm interruption processor, occurring due to the execution of functions not meant for asynchronous execution from signal handlers. When the Logingracetime parameter time elapses, the handler interrupts the current code execution. Calling functions like Syslog(), which involve dynamic memory allocation, can harm Malloc’s internal structures when the sigalrm is triggered.
CVE-2024-6409 is closely tied to the invocation of the CLEANUP_EXIT() function in the signal processor Grace_ALARM_HANDLER(). While this challenge doesn’t cause issues in the main code base, a patch was introduced in RHEL 9 and Fedora packages, adding a call to generate audit events to Cleanup_exit(). Unexpectedly, this function isn’t designed for using signals in signal handlers.
The patch leading to the vulnerability was applied in RHEL 9 and distributions based on Openssh 8.7p1. However, this problem doesn’t manifest in the latest Fedora versions, as Fedora 38 onwards utilizes a newer OpenSSH version where the Cleanup_exit() function remains unchanged.
To address the vulnerability in the SSHD (SSHD_Config) configuration, professionals recommend setting the LogingRacetime parameter to 0. This action effectively blocks the vulnerability, even though standard protection methods like using the “-e” option prove ineffective.
This scenario underscores the unforeseen consequences that can arise for system security even when correcting programming flaws with good intentions. It highlights the crucial need for thorough testing of all modifications, particularly in critical OS components. Striking a balance between specific requirements and overall security is a challenging yet essential task in the realm of information technology.