CentOS 9 : openssh-8.7p1-43.el9

High - Nessus Plugin ID 202392

Synopsis

The remote CentOS host is missing a security update for openssh.

Description

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-43.el9 build changelog.

- A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). In the worst case, a successful attack may allow an attacker to achieve remote code execution (RCE) as an unprivileged user running the sshd server. (CVE-2024-6409)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the CentOS 9 Stream openssh package.

See Also

https://kojihub.stream.centos.org/koji/buildinfo?buildID=65541

Plugin Details

Severity: High

ID: 202392

File Name: centos9_openssh-8_7p1-43_65541.nasl

Version: 1.1

Type: local

Agent: unix

Published: 7/15/2024

Updated: 7/15/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.0

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2024-6409

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:centos:centos:openssh-server, p-cpe:/a:centos:centos:openssh-clients, cpe:/a:centos:centos:9, p-cpe:/a:centos:centos:openssh-sk-dummy, p-cpe:/a:centos:centos:openssh-keycat, p-cpe:/a:centos:centos:openssh-askpass, p-cpe:/a:centos:centos:openssh, p-cpe:/a:centos:centos:pam_ssh_agent_auth

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2024

Vulnerability Publication Date: 7/3/2024

Reference Information

CVE: CVE-2024-6409

IAVA: 2024-A-0375