CVE-2024-6387

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:4312 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4340 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4389 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4469 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4474 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4479 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4484 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-6387 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2294604 Issue Tracking Third Party Advisory
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
https://www.openssh.com/txt/release-9.8 Release Notes Third Party Advisory
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*

Configuration 6 (hide)

cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*

Configuration 8 (hide)

OR cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
History

14 Sep 2024, 03:15

Type Values Removed Values Added
References
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/18', 'source': 'secalert@redhat.com'}
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/19', 'source': 'secalert@redhat.com'}
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/20', 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/01/12', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/01/13', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/02/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/11', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/4', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/03/5', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/04/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/04/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/08/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/08/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/09/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/09/5', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/2', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/4', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/10/6', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/11/1', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/11/3', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/23/4', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/23/6', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/28/2', 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/28/3', 'source': 'secalert@redhat.com'}
  • {'url': 'https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/', 'tags': ['Press/Media Coverage', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server', 'tags': ['Exploit', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://explore.alas.aws.amazon.com/CVE-2024-6387.html', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/AlmaLinux/updates/issues/629', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/Azure/AKS/issues/4379', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/PowerShell/Win32-OpenSSH/discussions/2248', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/PowerShell/Win32-OpenSSH/issues/2249', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/microsoft/azurelinux/issues/9555', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/oracle/oracle-linux/issues/149', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/rapier1/hpn-ssh/issues/87', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/zgzhang/cve-2024-6387-poc', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://news.ycombinator.com/item?id=40843778', 'tags': ['Issue Tracking', 'Patch', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security-tracker.debian.org/tracker/CVE-2024-6387', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240701-0001/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://sig-security.rocky.page/issues/CVE-2024-6387/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://support.apple.com/kb/HT214118', 'source': 'secalert@redhat.com'}
  • {'url': 'https://support.apple.com/kb/HT214119', 'source': 'secalert@redhat.com'}
  • {'url': 'https://support.apple.com/kb/HT214120', 'source': 'secalert@redhat.com'}
  • {'url': 'https://ubuntu.com/security/CVE-2024-6387', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://ubuntu.com/security/notices/USN-6859-1', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.suse.com/security/cve/CVE-2024-6387.html', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.theregister.com/2024/07/01/regresshion_openssh/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

30 Jul 2024, 02:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -
  • () http://seclists.org/fulldisclosure/2024/Jul/19 -

30 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/20 -

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214118 -
  • () https://support.apple.com/kb/HT214119 -
  • () https://support.apple.com/kb/HT214120 -

29 Jul 2024, 09:15

Type Values Removed Values Added
References
  • () https://santandersecurityresearch.github.io/blog/sshing_the_masses.html -

28 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/28/2 -
  • () http://www.openwall.com/lists/oss-security/2024/07/28/3 -

24 Jul 2024, 18:07

Type Values Removed Values Added
CPE cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/07/01/12 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/01/12 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/01/13 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/01/13 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/02/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/02/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/11 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/11 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/2 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/3 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/4 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/5 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/03/5 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/04/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/04/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/04/2 - Mailing List () http://www.openwall.com/lists/oss-security/2024/07/04/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/08/2 - () http://www.openwall.com/lists/oss-security/2024/07/08/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/08/3 - () http://www.openwall.com/lists/oss-security/2024/07/08/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/09/2 - () http://www.openwall.com/lists/oss-security/2024/07/09/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/09/5 - () http://www.openwall.com/lists/oss-security/2024/07/09/5 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/1 - () http://www.openwall.com/lists/oss-security/2024/07/10/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/2 - () http://www.openwall.com/lists/oss-security/2024/07/10/2 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/3 - () http://www.openwall.com/lists/oss-security/2024/07/10/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/4 - () http://www.openwall.com/lists/oss-security/2024/07/10/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/10/6 - () http://www.openwall.com/lists/oss-security/2024/07/10/6 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/11/1 - () http://www.openwall.com/lists/oss-security/2024/07/11/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/11/3 - () http://www.openwall.com/lists/oss-security/2024/07/11/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/23/4 - () http://www.openwall.com/lists/oss-security/2024/07/23/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/23/6 - () http://www.openwall.com/lists/oss-security/2024/07/23/6 - Mailing List, Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4340 - () https://access.redhat.com/errata/RHSA-2024:4340 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4389 - () https://access.redhat.com/errata/RHSA-2024:4389 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4469 - () https://access.redhat.com/errata/RHSA-2024:4469 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4474 - () https://access.redhat.com/errata/RHSA-2024:4474 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4479 - () https://access.redhat.com/errata/RHSA-2024:4479 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:4484 - () https://access.redhat.com/errata/RHSA-2024:4484 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - Issue Tracking, Third Party Advisory
References () https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 - () https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 - Third Party Advisory
References () https://github.com/AlmaLinux/updates/issues/629 - Issue Tracking () https://github.com/AlmaLinux/updates/issues/629 - Issue Tracking, Third Party Advisory
References () https://github.com/Azure/AKS/issues/4379 - Issue Tracking () https://github.com/Azure/AKS/issues/4379 - Issue Tracking, Third Party Advisory
References () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - Issue Tracking () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - Issue Tracking, Third Party Advisory
References () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - Issue Tracking () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - Issue Tracking, Third Party Advisory
References () https://github.com/microsoft/azurelinux/issues/9555 - Issue Tracking () https://github.com/microsoft/azurelinux/issues/9555 - Issue Tracking, Third Party Advisory
References () https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09 - () https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09 - Third Party Advisory
References () https://github.com/oracle/oracle-linux/issues/149 - Issue Tracking () https://github.com/oracle/oracle-linux/issues/149 - Issue Tracking, Third Party Advisory
References () https://github.com/rapier1/hpn-ssh/issues/87 - Issue Tracking () https://github.com/rapier1/hpn-ssh/issues/87 - Issue Tracking, Third Party Advisory
References () https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/ - () https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/ - Mailing List, Third Party Advisory
References () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - Mailing List, Patch () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - Mailing List, Patch, Third Party Advisory
References () https://news.ycombinator.com/item?id=40843778 - Issue Tracking, Patch () https://news.ycombinator.com/item?id=40843778 - Issue Tracking, Patch, Third Party Advisory
References () https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do - () https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do - Third Party Advisory
References () https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100 - () https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100 - Third Party Advisory
References () https://www.openssh.com/txt/release-9.8 - Release Notes () https://www.openssh.com/txt/release-9.8 - Release Notes, Third Party Advisory
References () https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html - () https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html - Third Party Advisory

23 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/6 -

23 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/4 -

18 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4474 -

17 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4479 -
  • () https://access.redhat.com/errata/RHSA-2024:4484 -

16 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4469 -

14 Jul 2024, 17:15

Type Values Removed Values Added
Summary (en) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. (en) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

11 Jul 2024, 20:15

Type Values Removed Values Added
References
  • () https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100 -

11 Jul 2024, 14:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/11/3 -

11 Jul 2024, 04:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/11/1 -

11 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09 -

10 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/6 -

10 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/4 -

10 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/3 -

10 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/2 -

10 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/10/1 -

10 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/09/5 -

09 Jul 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/09/2 -

09 Jul 2024, 06:15

Type Values Removed Values Added
References
  • () https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/ -
  • () https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do -

08 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4389 -

08 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/08/2 -
  • () http://www.openwall.com/lists/oss-security/2024/07/08/3 -

06 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132 -
  • () https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html -

05 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4340 -

05 Jul 2024, 15:53

Type Values Removed Values Added
References () https://sig-security.rocky.page/issues/CVE-2024-6387/ - () https://sig-security.rocky.page/issues/CVE-2024-6387/ - Third Party Advisory

05 Jul 2024, 15:15

Type Values Removed Values Added
References
  • () https://sig-security.rocky.page/issues/CVE-2024-6387/ -

05 Jul 2024, 15:10

Type Values Removed Values Added
CPE cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*
cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*
CWE CWE-362
References () http://www.openwall.com/lists/oss-security/2024/07/01/12 - () http://www.openwall.com/lists/oss-security/2024/07/01/12 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/01/13 - () http://www.openwall.com/lists/oss-security/2024/07/01/13 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/02/1 - () http://www.openwall.com/lists/oss-security/2024/07/02/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/1 - () http://www.openwall.com/lists/oss-security/2024/07/03/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/11 - () http://www.openwall.com/lists/oss-security/2024/07/03/11 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/2 - () http://www.openwall.com/lists/oss-security/2024/07/03/2 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/3 - () http://www.openwall.com/lists/oss-security/2024/07/03/3 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/4 - () http://www.openwall.com/lists/oss-security/2024/07/03/4 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/03/5 - () http://www.openwall.com/lists/oss-security/2024/07/03/5 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/04/1 - () http://www.openwall.com/lists/oss-security/2024/07/04/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/07/04/2 - () http://www.openwall.com/lists/oss-security/2024/07/04/2 - Mailing List
References () https://access.redhat.com/errata/RHSA-2024:4312 - () https://access.redhat.com/errata/RHSA-2024:4312 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-6387 - () https://access.redhat.com/security/cve/CVE-2024-6387 - Third Party Advisory
References () https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/ - () https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/ - Third Party Advisory
References () https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/ - () https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/ - Press/Media Coverage, Third Party Advisory
References () https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server - () https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server - Exploit, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - () https://bugzilla.redhat.com/show_bug.cgi?id=2294604 - Issue Tracking
References () https://explore.alas.aws.amazon.com/CVE-2024-6387.html - () https://explore.alas.aws.amazon.com/CVE-2024-6387.html - Third Party Advisory
References () https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc - () https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc - Third Party Advisory
References () https://github.com/AlmaLinux/updates/issues/629 - () https://github.com/AlmaLinux/updates/issues/629 - Issue Tracking
References () https://github.com/Azure/AKS/issues/4379 - () https://github.com/Azure/AKS/issues/4379 - Issue Tracking
References () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 - Issue Tracking
References () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 - Issue Tracking
References () https://github.com/microsoft/azurelinux/issues/9555 - () https://github.com/microsoft/azurelinux/issues/9555 - Issue Tracking
References () https://github.com/oracle/oracle-linux/issues/149 - () https://github.com/oracle/oracle-linux/issues/149 - Issue Tracking
References () https://github.com/rapier1/hpn-ssh/issues/87 - () https://github.com/rapier1/hpn-ssh/issues/87 - Issue Tracking
References () https://github.com/zgzhang/cve-2024-6387-poc - () https://github.com/zgzhang/cve-2024-6387-poc - Third Party Advisory
References () https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html - () https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html - Mailing List, Third Party Advisory
References () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html - Mailing List, Patch
References () https://news.ycombinator.com/item?id=40843778 - () https://news.ycombinator.com/item?id=40843778 - Issue Tracking, Patch
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010 - () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010 - Third Party Advisory
References () https://security-tracker.debian.org/tracker/CVE-2024-6387 - () https://security-tracker.debian.org/tracker/CVE-2024-6387 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240701-0001/ - () https://security.netapp.com/advisory/ntap-20240701-0001/ - Third Party Advisory
References () https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/ - () https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/ - Third Party Advisory
References () https://ubuntu.com/security/CVE-2024-6387 - () https://ubuntu.com/security/CVE-2024-6387 - Third Party Advisory
References () https://ubuntu.com/security/notices/USN-6859-1 - () https://ubuntu.com/security/notices/USN-6859-1 - Third Party Advisory
References () https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc - () https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc - Third Party Advisory
References () https://www.openssh.com/txt/release-9.8 - () https://www.openssh.com/txt/release-9.8 - Release Notes
References () https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt - () https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt - Exploit, Third Party Advisory
References () https://www.suse.com/security/cve/CVE-2024-6387.html - () https://www.suse.com/security/cve/CVE-2024-6387.html - Third Party Advisory
References () https://www.theregister.com/2024/07/01/regresshion_openssh/ - () https://www.theregister.com/2024/07/01/regresshion_openssh/ - Third Party Advisory
First Time Redhat enterprise Linux
Netbsd
Netapp ontap Select Deploy Administration Utility
Redhat enterprise Linux For Power Little Endian Eus
Openbsd
Redhat enterprise Linux For Arm 64
Netapp e-series Santricity Os Controller
Canonical
Debian debian Linux
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Netbsd netbsd
Redhat enterprise Linux Server Aus
Amazon
Netapp ontap Tools
Netapp
Suse
Redhat enterprise Linux For Power Little Endian
Suse linux Enterprise Micro
Debian
Redhat
Redhat enterprise Linux Eus
Canonical ubuntu Linux
Freebsd freebsd
Openbsd openssh
Freebsd
Redhat openshift Container Platform
Amazon linux 2023
Redhat enterprise Linux For Arm 64 Eus

04 Jul 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/04/2 -

04 Jul 2024, 03:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/04/1 -

03 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/11 -

03 Jul 2024, 20:15

Type Values Removed Values Added
References
  • () https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/ -
  • () https://github.com/AlmaLinux/updates/issues/629 -
  • () https://github.com/Azure/AKS/issues/4379 -
  • () https://github.com/PowerShell/Win32-OpenSSH/discussions/2248 -
  • () https://github.com/PowerShell/Win32-OpenSSH/issues/2249 -
  • () https://github.com/microsoft/azurelinux/issues/9555 -

03 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4312 -

03 Jul 2024, 13:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/5 -

03 Jul 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/4 -

03 Jul 2024, 09:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/3 -

03 Jul 2024, 08:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/1 -
  • () http://www.openwall.com/lists/oss-security/2024/07/03/2 -

02 Jul 2024, 23:15

Type Values Removed Values Added
Summary (en) A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). (en) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

02 Jul 2024, 19:15

Type Values Removed Values Added
References
  • () https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc -
  • () https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc -

02 Jul 2024, 14:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/02/1 -
Summary
  • (es) Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog().

01 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240701-0001/ -

01 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/01/13 -

01 Jul 2024, 19:15

Type Values Removed Values Added
References
  • () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010 -
  • () https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/ -

01 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/ -
  • () https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server -
  • () https://explore.alas.aws.amazon.com/CVE-2024-6387.html -
  • () https://github.com/oracle/oracle-linux/issues/149 -
  • () https://github.com/rapier1/hpn-ssh/issues/87 -
  • () https://github.com/zgzhang/cve-2024-6387-poc -
  • () https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html -
  • () https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html -
  • () https://news.ycombinator.com/item?id=40843778 -
  • () https://security-tracker.debian.org/tracker/CVE-2024-6387 -
  • () https://ubuntu.com/security/CVE-2024-6387 -
  • () https://ubuntu.com/security/notices/USN-6859-1 -
  • () https://www.openssh.com/txt/release-9.8 -
  • () https://www.suse.com/security/cve/CVE-2024-6387.html -
  • () https://www.theregister.com/2024/07/01/regresshion_openssh/ -

01 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/01/12 -

01 Jul 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-01 13:15

Updated : 2024-09-14 03:15

NVD link : CVE-2024-6387

Mitre link : CVE-2024-6387

CVE.ORG link : CVE-2024-6387

JSON object : View

Products Affected

netapp

  • ontap_tools
  • ontap_select_deploy_administration_utility
  • e-series_santricity_os_controller

redhat

  • openshift_container_platform
  • enterprise_linux_for_power_little_endian
  • enterprise_linux
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_arm_64_eus

openbsd

  • openssh

netbsd

  • netbsd

suse

  • linux_enterprise_micro

canonical

  • ubuntu_linux

amazon

  • linux_2023

debian

  • debian_linux

freebsd

  • freebsd
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-364

Signal Handler Race Condition


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024