[LINUX] Another OpenSSH remote code execution vulnerability

[1s2k.pl]

Alexander "Solar Designer" Peslyak has disclosed another OpenSSH vulnerability that can be exploited for remote code execution, but only on distributions that have applied a patch to add auditing support. Specifically, RHEL 9 and derivatives are affected, as are Fedora 36 and 37 (but not later releases).

The main difference from CVE-2024-6387 is that the race condition and RCE potential are triggered in the privsep child process, which runs with reduced privileges compared to the parent server process. So immediate impact is lower. However, there may be differences in exploitability of these vulnerabilities in a particular scenario, which could make either one of these a more attractive choice for an attacker, and if only one of these is fixed or mitigated then the other becomes more relevant.

Przeczytaj cały wpis