What is the severity of CVE-2024-6409?

CVE-2024-6409 is considered to be a high severity vulnerability due to its potential to allow remote attackers to exploit the race condition in OpenSSH's server.

How do I fix CVE-2024-6409?

To remediate CVE-2024-6409, update OpenSSH to one of the patched versions: 1:8.4p1-5+deb11u3, 1:9.2p1-2+deb12u3, or 1:9.8p1-8.

Which software is affected by CVE-2024-6409?

CVE-2024-6409 affects OpenSSH server versions, as well as specific versions of F5 BIG-IP Next SPK and F5 BIG-IP Next CNF.

Can CVE-2024-6409 be exploited remotely?

Yes, CVE-2024-6409 can be exploited remotely by attackers without authentication for a limited time.

What type of vulnerability is CVE-2024-6409?

CVE-2024-6409 is classified as a race condition vulnerability related to signal handling in the OpenSSH server.

Vulnerability/
CVE-2024-6409

high

CWE

364 362

EPSS

0.046%

1/7/2024

8/7/2024

6/9/2024

27/1/2025

CVE-2024-6409: Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9

First published: Mon Jul 01 2024(Updated: )

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/openssh		1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u3 1:9.8p1-8
F5 BIG-IP Service Proxy for Kubernetes	>=1.7.0<=1.9.2
F5 BIG-IP Next Cloud-Native Network Functions	>=1.1.0<=1.3.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-6409?
CVE-2024-6409 is considered to be a high severity vulnerability due to its potential to allow remote attackers to exploit the race condition in OpenSSH's server.
How do I fix CVE-2024-6409?
To remediate CVE-2024-6409, update OpenSSH to one of the patched versions: 1:8.4p1-5+deb11u3, 1:9.2p1-2+deb12u3, or 1:9.8p1-8.
Which software is affected by CVE-2024-6409?
CVE-2024-6409 affects OpenSSH server versions, as well as specific versions of F5 BIG-IP Next SPK and F5 BIG-IP Next CNF.
Can CVE-2024-6409 be exploited remotely?
Yes, CVE-2024-6409 can be exploited remotely by attackers without authentication for a limited time.
What type of vulnerability is CVE-2024-6409?
CVE-2024-6409 is classified as a race condition vulnerability related to signal handling in the OpenSSH server.

agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/author
collector/the-register
source/The Register
alias/CVE-2024-6409
alias/CVE-2024-6387
collector/epss-latest
source/FIRST
agent/epss
agent/severity
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/nvd-cve
agent/references
collector/mitre-cve
source/MITRE
agent/trending
agent/source
agent/tags
collector/redhat-bugzilla
source/Red Hat
agent/last-modified-date
collector/f5-advisory
source/F5
agent/software-canonical-lookup-request
package-manager/debian
vendor/f5
canonical/f5 big-ip service proxy for kubernetes
version/f5 big-ip service proxy for kubernetes/1.7.0
version/f5 big-ip service proxy for kubernetes/1.9.2
canonical/f5 big-ip next cloud-native network functions
version/f5 big-ip next cloud-native network functions/1.1.0
version/f5 big-ip next cloud-native network functions/1.3.1