Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-6387

HistoryJul 01, 2024 - 1:15 p.m.

CVE-2024-6387

2024-07-0113:15:06

Debian Security Bug Tracker

security-tracker.debian.org

openssh

sshd

security regression

race condition

signals

unauthenticated

remote attacker

time period

unix

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.791 High

EPSS

Percentile

98.3%

JSON

A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssh< 1:9.2p1-2+deb12u3openssh_1:9.2p1-2+deb12u3_all.deb
Debian11allopenssh< 1:8.4p1-5+deb11u3openssh_1:8.4p1-5+deb11u3_all.deb
Debian999allopenssh< 1:9.7p1-7openssh_1:9.7p1-7_all.deb
Debian13allopenssh< 1:9.7p1-7openssh_1:9.7p1-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssh	< 1:9.2p1-2+deb12u3	openssh_1:9.2p1-2+deb12u3_all.deb
Debian	11	all	openssh	< 1:8.4p1-5+deb11u3	openssh_1:8.4p1-5+deb11u3_all.deb
Debian	999	all	openssh	< 1:9.7p1-7	openssh_1:9.7p1-7_all.deb
Debian	13	all	openssh	< 1:9.7p1-7	openssh_1:9.7p1-7_all.deb