THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-6387

Openssh: regresshion - race condition in ssh allows rce/dos

Assignerredhat
Reserved2024-06-27
Published2024-07-01
Updated2024-07-18

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.



HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Signal Handler Race Condition

Product status

Default status
unaffected

8.5p1
affected

Default status
affected

0:8.7p1-38.el9_4.1 before *
unaffected

Default status
affected

0:8.7p1-38.el9_4.1 before *
unaffected

Default status
affected

0:8.7p1-12.el9_0.1 before *
unaffected

Default status
affected

0:8.7p1-30.el9_2.4 before *
unaffected

Default status
affected

413.92.202407091321-0 before *
unaffected

Default status
affected

414.92.202407091253-0 before *
unaffected

Default status
affected

415.92.202407091355-0 before *
unaffected

Default status
affected

416.94.202407081958-0 before *
unaffected

Default status
unknown

Default status
unaffected

Default status
unaffected

Default status
unaffected

Timeline

2024-06-27:Reported to Red Hat.
2024-07-01:Made public.

References

http://www.openwall.com/lists/oss-security/2024/07/01/12

http://www.openwall.com/lists/oss-security/2024/07/01/13

http://www.openwall.com/lists/oss-security/2024/07/02/1

http://www.openwall.com/lists/oss-security/2024/07/03/1

http://www.openwall.com/lists/oss-security/2024/07/03/11

http://www.openwall.com/lists/oss-security/2024/07/03/2

http://www.openwall.com/lists/oss-security/2024/07/03/3

http://www.openwall.com/lists/oss-security/2024/07/03/4

http://www.openwall.com/lists/oss-security/2024/07/03/5

http://www.openwall.com/lists/oss-security/2024/07/04/1

http://www.openwall.com/lists/oss-security/2024/07/04/2

http://www.openwall.com/lists/oss-security/2024/07/08/2

http://www.openwall.com/lists/oss-security/2024/07/08/3

http://www.openwall.com/lists/oss-security/2024/07/09/2

http://www.openwall.com/lists/oss-security/2024/07/09/5

http://www.openwall.com/lists/oss-security/2024/07/10/1

http://www.openwall.com/lists/oss-security/2024/07/10/2

http://www.openwall.com/lists/oss-security/2024/07/10/3

http://www.openwall.com/lists/oss-security/2024/07/10/4

http://www.openwall.com/lists/oss-security/2024/07/10/6

http://www.openwall.com/lists/oss-security/2024/07/11/1

http://www.openwall.com/lists/oss-security/2024/07/11/3

https://access.redhat.com/errata/RHSA-2024:4312 (RHSA-2024:4312) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4340 (RHSA-2024:4340) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4389 (RHSA-2024:4389) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4469 (RHSA-2024:4469) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4474 (RHSA-2024:4474) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4479 (RHSA-2024:4479) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4484 (RHSA-2024:4484) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-6387 vdb-entry

https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/

https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

https://bugzilla.redhat.com/show_bug.cgi?id=2294604 (RHBZ#2294604) issue-tracking

https://explore.alas.aws.amazon.com/CVE-2024-6387.html

https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc

https://github.com/AlmaLinux/updates/issues/629

https://github.com/Azure/AKS/issues/4379

https://github.com/PowerShell/Win32-OpenSSH/discussions/2248

https://github.com/PowerShell/Win32-OpenSSH/issues/2249

https://github.com/microsoft/azurelinux/issues/9555

https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09

https://github.com/oracle/oracle-linux/issues/149

https://github.com/rapier1/hpn-ssh/issues/87

https://github.com/zgzhang/cve-2024-6387-poc

https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/

https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html

https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html

https://news.ycombinator.com/item?id=40843778

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010

https://security-tracker.debian.org/tracker/CVE-2024-6387

https://security.netapp.com/advisory/ntap-20240701-0001/

https://sig-security.rocky.page/issues/CVE-2024-6387/

https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/

https://ubuntu.com/security/CVE-2024-6387

https://ubuntu.com/security/notices/USN-6859-1

https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do

https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc

https://www.openssh.com/txt/release-9.8

https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html

https://www.suse.com/security/cve/CVE-2024-6387.html

https://www.theregister.com/2024/07/01/regresshion_openssh/

cve.org CVE-2024-6387

nvd.nist.gov CVE-2024-6387

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-6387
© Copyright 2024 THREATINT. Made in Cyprus with +