RedhatVULNRICHMENT:CVE-2024-6387CVE-2024-6387 Openssh: possible remote code execution due to a race condition in signal handling
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.791 High
EPSS
Percentile
98.3%
A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CNA Affected
[
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"versions": [
{
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.1",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "openssh",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"versions": [
{
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.1",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "openssh",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"packageName": "openssh",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"packageName": "openssh",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"packageName": "openssh",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"packageName": "rhcos",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
}
]References
www.openwall.com/lists/oss-security/2024/07/01/12
www.openwall.com/lists/oss-security/2024/07/01/13
www.openwall.com/lists/oss-security/2024/07/02/1
www.openwall.com/lists/oss-security/2024/07/03/1
www.openwall.com/lists/oss-security/2024/07/03/11
www.openwall.com/lists/oss-security/2024/07/03/2
www.openwall.com/lists/oss-security/2024/07/03/3
www.openwall.com/lists/oss-security/2024/07/03/4
www.openwall.com/lists/oss-security/2024/07/03/5
www.openwall.com/lists/oss-security/2024/07/04/1
www.openwall.com/lists/oss-security/2024/07/04/2
access.redhat.com/errata/RHSA-2024:4312
access.redhat.com/security/cve/CVE-2024-6387
archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/
blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
bugzilla.redhat.com/show_bug.cgi?id=2294604
explore.alas.aws.amazon.com/CVE-2024-6387.html
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
github.com/AlmaLinux/updates/issues/629
github.com/Azure/AKS/issues/4379
github.com/microsoft/azurelinux/issues/9555
github.com/oracle/oracle-linux/issues/149
github.com/PowerShell/Win32-OpenSSH/discussions/2248
github.com/PowerShell/Win32-OpenSSH/issues/2249
github.com/rapier1/hpn-ssh/issues/87
github.com/zgzhang/cve-2024-6387-poc
lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
news.ycombinator.com/item?id=40843778
psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
security-tracker.debian.org/tracker/CVE-2024-6387
security.netapp.com/advisory/ntap-20240701-0001/
sig-security.rocky.page/issues/CVE-2024-6387/
stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/
ubuntu.com/security/CVE-2024-6387
ubuntu.com/security/notices/USN-6859-1
www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
www.openssh.com/txt/release-9.8
www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
www.suse.com/security/cve/CVE-2024-6387.html
www.theregister.com/2024/07/01/regresshion_openssh/
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.791 High
EPSS
Percentile
98.3%