CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Configurations

Configuration 1

OR cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*

Configuration 6

cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*

Configuration 7

OR cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*

Configuration 8

OR cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*

Configuration 9

cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*

History

14 Sep 2024, 03:15

Type Values Removed Values Added
References
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/18', 'source': 'secalert@redhat.com'}
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/19', 'source': 'secalert@redhat.com'}
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/20', 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/01/12', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/01/13', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/02/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/11', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/4', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/5', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/04/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/04/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/08/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/08/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/09/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/09/5', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/4', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/6', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/11/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/11/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/23/4', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/23/6', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/28/2', 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/28/3', 'source': 'secalert@redhat.com'}
  • {'url': 'https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/', 'tags': ['Press/Media Coverage', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server', 'tags': ['Exploit', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://explore.alas.aws.amazon.com/CVE-2024-6387.html', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/AlmaLinux/updates/issues/629', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/Azure/AKS/issues/4379', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/PowerShell/Win32-OpenSSH/discussions/2248', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/PowerShell/Win32-OpenSSH/issues/2249', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/microsoft/azurelinux/issues/9555', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/oracle/oracle-linux/issues/149', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/rapier1/hpn-ssh/issues/87', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/zgzhang/cve-2024-6387-poc', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://news.ycombinator.com/item?id=40843778', 'tags': ['Issue Tracking', 'Patch', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security-tracker.debian.org/tracker/CVE-2024-6387', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240701-0001/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://sig-security.rocky.page/issues/CVE-2024-6387/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://support.apple.com/kb/HT214118', 'source': 'secalert@redhat.com'}
  • {'url': 'https://support.apple.com/kb/HT214119', 'source': 'secalert@redhat.com'}
  • {'url': 'https://support.apple.com/kb/HT214120', 'source': 'secalert@redhat.com'}
  • {'url': 'https://ubuntu.com/security/CVE-2024-6387', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://ubuntu.com/security/notices/USN-6859-1', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.suse.com/security/cve/CVE-2024-6387.html', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.theregister.com/2024/07/01/regresshion_openssh/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

30 Jul 2024, 02:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -
  • () http://seclists.org/fulldisclosure/2024/Jul/19 -

30 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/20 -

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214118 -
  • () https://support.apple.com/kb/HT214119 -
  • () https://support.apple.com/kb/HT214120 -

29 Jul 2024, 09:15

Type Values Removed Values Added
References
  • () https://santandersecurityresearch.github.io/blog/sshing_the_masses.html -

28 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/28/2 -
  • () http://www.openwall.com/lists/oss-security/2024/07/28/3 -

24 Jul 2024, 18:07

Type Values Removed Values Added
CPE cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/07/01/12 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/01/12 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/01/13 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/01/13 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/02/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/02/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/11 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/11 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/2 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/3 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/4 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/5 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/5 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/04/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/04/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/04/2 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/04/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/08/2 - () http://www.openwall.com/lists/oss-security/2024/07/08/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/08/3 - () http://www.openwall.com/lists/oss-security/2024/07/08/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/09/2 - () http://www.openwall.com/lists/oss-security/2024/07/09/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/09/5 - () http://www.openwall.com/lists/oss-security/2024/07/09/5 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/1 - () http://www.openwall.com/lists/oss-security/2024/07/10/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/2 - () http://www.openwall.com/lists/oss-security/2024/07/10/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/3 - () http://www.openwall.com/lists/oss-security/2024/07/10/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/4 - () http://www.openwall.com/lists/oss-security/2024/07/10/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/6 - () http://www.openwall.com/lists/oss-security/2024/07/10/6 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/11/1 - () http://www.openwall.com/lists/oss-security/2024/07/11/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/11/3 - () http://www.openwall.com/lists/oss-security/2024/07/11/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/23/4 - () http://www.openwall.com/lists/oss-security/2024/07/23/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/23/6 - () http://www.openwall.com/lists/oss-security/2024/07/23/6 - Mailing List, Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4340 - () https://access.redhat.com/errata/RHSA-2024:4340 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4389 - () https://access.redhat.com/errata/RHSA-2024:4389 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4469 - () https://access.redhat.com/errata/RHSA-2024:4469 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4474 - () https://access.redhat.com/errata/RHSA-2024:4474 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4479 - () https://access.redhat.com/errata/RHSA-2024:4479 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4484 - () https://access.redhat.com/errata/RHSA-2024:4484 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - Issue Tracking, Third Party Advisory
References () https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 - () https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 - Third Party Advisory
References () https://github.com/AlmaLinux/updates/issues/629 - Issue Tracking () https://github.com/AlmaLinux/updates/issues/629 - Issue Tracking, Third Party Advisory
References () https://github.com/Azure/AKS/issues/4379 - Issue Tracking () https://github.com/Azure/AKS/issues/4379 - Issue Tracking, Third Party Advisory
References () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - Issue Tracking () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - Issue Tracking, Third Party Advisory
References () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - Issue Tracking () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - Issue Tracking, Third Party Advisory
References () https://github.com/microsoft/azurelinux/issues/9555 - Issue Tracking () https://github.com/microsoft/azurelinux/issues/9555 - Issue Tracking, Third Party Advisory
References () https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09 - () https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09 - Third Party Advisory
References () https://github.com/oracle/oracle-linux/issues/149 - Issue Tracking () https://github.com/oracle/oracle-linux/issues/149 - Issue Tracking, Third Party Advisory
References () https://github.com/rapier1/hpn-ssh/issues/87 - Issue Tracking () https://github.com/rapier1/hpn-ssh/issues/87 - Issue Tracking, Third Party Advisory
References () https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/ - () https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/ - Mailing List, Third Party Advisory
References () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - Mailing List, Patch () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - Mailing List, Patch, Third Party Advisory
References () https://news.ycombinator.com/item?id=40843778 - Issue Tracking, Patch () https://news.ycombinator.com/item?id=40843778 - Issue Tracking, Patch, Third Party Advisory
References () https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do - () https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do - Third Party Advisory
References () https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100 - () https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100 - Third Party Advisory
References () https://www.openssh.com/txt/release-9.8 - Release Notes () https://www.openssh.com/txt/release-9.8 - Release Notes, Third Party Advisory
References () https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html - () https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html - Third Party Advisory

23 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/6 -

23 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/4 -

18 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4474 -

17 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4479 -
  • () https://access.redhat.com/errata/RHSA-2024:4484 -

16 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4469 -

14 Jul 2024, 17:15

Type Values Removed Values Added
Summary (en) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. (en) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

11 Jul 2024, 20:15

Type Values Removed Values Added
References
  • () https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100 -

11 Jul 2024, 14:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/11/3 -

11 Jul 2024, 04:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/11/1 -

11 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09 -

10 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/6 -

10 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/4 -

10 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/3 -

10 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/2 -

10 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/1 -

10 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/09/5 -

09 Jul 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/09/2 -

09 Jul 2024, 06:15

Type Values Removed Values Added
References
  • () https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/ -
  • () https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do -

08 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4389 -

08 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/08/2 -
  • () http://www.openwall.com/lists/oss-security/2024/07/08/3 -

06 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 -
  • () https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html -

05 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4340 -

05 Jul 2024, 15:53

Type Values Removed Values Added
References () https://sig-security.rocky.page/issues/CVE-2024-6387/ - () https://sig-security.rocky.page/issues/CVE-2024-6387/ - Third Party Advisory

05 Jul 2024, 15:15

Type Values Removed Values Added
First Time Redhat enterprise Linux For Ibm Z Systems
Openbsd openssh
Debian
Debian debian Linux
Redhat enterprise Linux For Power Little Endian Eus
Canonical ubuntu Linux
Freebsd
Suse linux Enterprise Micro
Netapp e-series Santricity Os Controller
Redhat enterprise Linux For Power Little Endian
Freebsd freebsd
Redhat
Netbsd
Redhat openshift Container Platform
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus
Canonical
Netapp ontap Select Deploy Administration Utility
Redhat enterprise Linux
Netbsd netbsd
Netapp ontap Tools
Redhat enterprise Linux For Ibm Z Systems Eus
Amazon linux 2023
Netapp
Suse
Openbsd
Redhat enterprise Linux Server Aus
Amazon
Redhat enterprise Linux Eus
References
  • () https://sig-security.rocky.page/issues/CVE-2024-6387/ -
References () http://www.openwall.com/lists/oss-security/2024/07/01/12 - () http://www.openwall.com/lists/oss-security/2024/07/01/12 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/01/13 - () http://www.openwall.com/lists/oss-security/2024/07/01/13 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/02/1 - () http://www.openwall.com/lists/oss-security/2024/07/02/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/1 - () http://www.openwall.com/lists/oss-security/2024/07/03/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/11 - () http://www.openwall.com/lists/oss-security/2024/07/03/11 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/2 - () http://www.openwall.com/lists/oss-security/2024/07/03/2 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/3 - () http://www.openwall.com/lists/oss-security/2024/07/03/3 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/4 - () http://www.openwall.com/lists/oss-security/2024/07/03/4 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/5 - () http://www.openwall.com/lists/oss-security/2024/07/03/5 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/04/1 - () http://www.openwall.com/lists/oss-security/2024/07/04/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/04/2 - () http://www.openwall.com/lists/oss-security/2024/07/04/2 - Mailing List
References () https://access.redhat.com/errata/RHSA-2024:4312 - () https://access.redhat.com/errata/RHSA-2024:4312 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-6387 - () https://access.redhat.com/security/cve/CVE-2024-6387 - Third Party Advisory
References () https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/ - () https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/ - Third Party Advisory
References () https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/ - () https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/ - Press/Media Coverage, Third Party Advisory
References () https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server - () https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server - Exploit, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - Issue Tracking
References () https://explore.alas.aws.amazon.com/CVE-2024-6387.html - () https://explore.alas.aws.amazon.com/CVE-2024-6387.html - Third Party Advisory
References () https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc - () https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc - Third Party Advisory
References () https://github.com/AlmaLinux/updates/issues/629 - () https://github.com/AlmaLinux/updates/issues/629 - Issue Tracking
References () https://github.com/Azure/AKS/issues/4379 - () https://github.com/Azure/AKS/issues/4379 - Issue Tracking
References () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - Issue Tracking
References () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - Issue Tracking
References () https://github.com/microsoft/azurelinux/issues/9555 - () https://github.com/microsoft/azurelinux/issues/9555 - Issue Tracking
References () https://github.com/oracle/oracle-linux/issues/149 - () https://github.com/oracle/oracle-linux/issues/149 - Issue Tracking
References () https://github.com/rapier1/hpn-ssh/issues/87 - () https://github.com/rapier1/hpn-ssh/issues/87 - Issue Tracking
References () https://github.com/zgzhang/cve-2024-6387-poc - () https://github.com/zgzhang/cve-2024-6387-poc - Third Party Advisory
References () https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html - () https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html - Mailing List, Third Party Advisory
References () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - Mailing List, Patch
References () https://news.ycombinator.com/item?id=40843778 - () https://news.ycombinator.com/item?id=40843778 - Issue Tracking, Patch
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010 - () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010 - Third Party Advisory
References () https://security-tracker.debian.org/tracker/CVE-2024-6387 - () https://security-tracker.debian.org/tracker/CVE-2024-6387 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240701-0001/ - () https://security.netapp.com/advisory/ntap-20240701-0001/ - Third Party Advisory
References () https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/ - () https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/ - Third Party Advisory
References () https://ubuntu.com/security/CVE-2024-6387 - () https://ubuntu.com/security/CVE-2024-6387 - Third Party Advisory
References () https://ubuntu.com/security/notices/USN-6859-1 - () https://ubuntu.com/security/notices/USN-6859-1 - Third Party Advisory
References () https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc - () https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc - Third Party Advisory
References () https://www.openssh.com/txt/release-9.8 - () https://www.openssh.com/txt/release-9.8 - Release Notes
References () https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt - () https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt - Exploit, Third Party Advisory
References () https://www.suse.com/security/cve/CVE-2024-6387.html - () https://www.suse.com/security/cve/CVE-2024-6387.html - Third Party Advisory
References () https://www.theregister.com/2024/07/01/regresshion_openssh/ - () https://www.theregister.com/2024/07/01/regresshion_openssh/ - Third Party Advisory
CPE cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*
cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*
CWE CWE-362

04 Jul 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/04/2 -

04 Jul 2024, 03:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/04/1 -

03 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/11 -

03 Jul 2024, 20:15

Type Values Removed Values Added
References
  • () https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/ -
  • () https://github.com/AlmaLinux/updates/issues/629 -
  • () https://github.com/Azure/AKS/issues/4379 -
  • () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 -
  • () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 -
  • () https://github.com/microsoft/azurelinux/issues/9555 -

03 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4312 -

03 Jul 2024, 13:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/5 -

03 Jul 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/4 -

03 Jul 2024, 09:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/3 -

03 Jul 2024, 08:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/1 -
  • () http://www.openwall.com/lists/oss-security/2024/07/03/2 -

02 Jul 2024, 23:15

Type Values Removed Values Added
Summary
  • Removed: (en) A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
  • Added: (en) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

02 Jul 2024, 19:15

Type Values Removed Values Added
References
  • () https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc -
  • () https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc -

02 Jul 2024, 14:15

Type Values Removed Values Added
Summary
  • (es) A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
References
  • () http://www.openwall.com/lists/oss-security/2024/07/02/1 -

01 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240701-0001/ -

01 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/01/13 -

01 Jul 2024, 19:15

Type Values Removed Values Added
References
  • () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010 -
  • () https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/ -

01 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/ -
  • () https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server -
  • () https://explore.alas.aws.amazon.com/CVE-2024-6387.html -
  • () https://github.com/oracle/oracle-linux/issues/149 -
  • () https://github.com/rapier1/hpn-ssh/issues/87 -
  • () https://github.com/zgzhang/cve-2024-6387-poc -
  • () https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html -
  • () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html -
  • () https://news.ycombinator.com/item?id=40843778 -
  • () https://security-tracker.debian.org/tracker/CVE-2024-6387 -
  • () https://ubuntu.com/security/CVE-2024-6387 -
  • () https://ubuntu.com/security/notices/USN-6859-1 -
  • () https://www.openssh.com/txt/release-9.8 -
  • () https://www.suse.com/security/cve/CVE-2024-6387.html -
  • () https://www.theregister.com/2024/07/01/regresshion_openssh/ -

01 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/01/12 -

01 Jul 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-01 13:15

Updated : 2024-09-14 03:15


NVD link : CVE-2024-6387

Mitre link : CVE-2024-6387

CVE.ORG link : CVE-2024-6387



Products Affected

netapp

  • ontap_tools
  • e-series_santricity_os_controller
  • ontap_select_deploy_administration_utility

redhat

  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_eus
  • enterprise_linux_server_aus
  • enterprise_linux
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_arm_64_eus
  • openshift_container_platform
  • enterprise_linux_for_arm_64

freebsd

  • freebsd

openbsd

  • openssh

canonical

  • ubuntu_linux

debian

  • debian_linux

amazon

  • linux_2023

suse

  • linux_enterprise_micro

netbsd

  • netbsd

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-364

Signal Handler Race Condition