CVE-2024-6387 - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVE-2024-6409 - A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
NetProfiler and Flow Gateway : OPENSSH CVE-2024-6387 and CVE-2024-6409
Categories:
Solution Number:
S38322
Last Modified:
2024-07-18
Issue
Solution
RHEL 6, 7, and 8 all utilize an older version of OpenSSH which was never affected by CVE-2024-6387 and CVE-2024-6409.
NetProfiler and Flow Gateway uses RHEL8(Almalinux 8) so this product is not affected by this vulnerability.
Environment
NetProfiler
Flow Gateway
OPENSSH
CVE-2024-6387
CVE-2024-6409
Related Bugs
Attachments
Related Files
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Can't find an answer? Create a case