CVE-2024-6409: Possible remote code execution in privsep child
due to a race condition in signal handling
This commit is contained in:
parent
c4d40580f3
commit
40f1d8dfe6
26
SOURCES/openssh-8.7p1-CVE-2024-6409.patch
Normal file
26
SOURCES/openssh-8.7p1-CVE-2024-6409.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From d86a071731239b564ed4b93071402199f69fd67a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Lukoshko <alukoshko@almalinux.org>
|
||||||
|
Date: Tue, 2 Jul 2024 22:05:51 +0000
|
||||||
|
Subject: [PATCH] CVE-2024-6409: Possible remote code execution in privsep
|
||||||
|
child due to a race condition in signal handling
|
||||||
|
|
||||||
|
---
|
||||||
|
sshd.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/sshd.c b/sshd.c
|
||||||
|
index ec595d0..2a25e2c 100644
|
||||||
|
--- a/sshd.c
|
||||||
|
+++ b/sshd.c
|
||||||
|
@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
|
||||||
|
|
||||||
|
/* Log error and exit. */
|
||||||
|
if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
|
||||||
|
- cleanup_exit(255); /* don't log in privsep child */
|
||||||
|
+ _exit(1); /* don't log in privsep child */
|
||||||
|
else {
|
||||||
|
sigdie("Timeout before authentication for %s port %d",
|
||||||
|
ssh_remote_ipaddr(the_active_state),
|
||||||
|
--
|
||||||
|
2.43.5
|
||||||
|
|
@ -54,7 +54,7 @@
|
|||||||
Summary: An open source implementation of SSH protocol version 2
|
Summary: An open source implementation of SSH protocol version 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: %{openssh_ver}
|
Version: %{openssh_ver}
|
||||||
Release: %{openssh_rel}%{?dist}.1
|
Release: %{openssh_rel}%{?dist}.1.alma.1
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
|
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
|
||||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
@ -289,6 +289,8 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
|
|||||||
#upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
|
#upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
|
||||||
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
|
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
|
||||||
Patch1020: openssh-9.8p1-upstream-cve-2024-6387.patch
|
Patch1020: openssh-9.8p1-upstream-cve-2024-6387.patch
|
||||||
|
# https://www.openwall.com/lists/oss-security/2024/07/08/2
|
||||||
|
Patch1021: openssh-8.7p1-CVE-2024-6409.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
@ -363,7 +365,7 @@ Requires: openssh = %{version}-%{release}
|
|||||||
%package -n pam_ssh_agent_auth
|
%package -n pam_ssh_agent_auth
|
||||||
Summary: PAM module for authentication with ssh-agent
|
Summary: PAM module for authentication with ssh-agent
|
||||||
Version: %{pam_ssh_agent_ver}
|
Version: %{pam_ssh_agent_ver}
|
||||||
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1
|
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1.alma.1
|
||||||
License: BSD
|
License: BSD
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -513,6 +515,7 @@ popd
|
|||||||
%patch1018 -p1 -b .cve-2023-48795
|
%patch1018 -p1 -b .cve-2023-48795
|
||||||
%patch1019 -p1 -b .cve-2023-51385
|
%patch1019 -p1 -b .cve-2023-51385
|
||||||
%patch1020 -p1 -b .cve-2024-6387
|
%patch1020 -p1 -b .cve-2024-6387
|
||||||
|
%patch1021 -p1 -b .cve-2024-6409
|
||||||
|
|
||||||
autoreconf
|
autoreconf
|
||||||
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||||
@ -800,6 +803,10 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 08 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 8.7p1-38.1.alma.1
|
||||||
|
- Possible remote code execution in privsep child due to a race condition
|
||||||
|
Resolves: CVE-2024-6409
|
||||||
|
|
||||||
* Fri Jun 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.1
|
* Fri Jun 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.1
|
||||||
- Possible remote code execution due to a race condition (CVE-2024-6387)
|
- Possible remote code execution due to a race condition (CVE-2024-6387)
|
||||||
Resolves: RHEL-45347
|
Resolves: RHEL-45347
|
||||||
|
Loading…
Reference in New Issue
Block a user