Description
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387
- https://github.com/rapier1/hpn-ssh/issues/87
- https://github.com/oracle/oracle-linux/issues/149
- https://github.com/microsoft/azurelinux/issues/9555
- https://github.com/PowerShell/Win32-OpenSSH/issues/2249
- https://github.com/Azure/AKS/issues/4379
- https://github.com/AlmaLinux/updates/issues/629
- https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09
- https://access.redhat.com/errata/RHSA-2024:4312
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
- https://security-tracker.debian.org/tracker/CVE-2024-6387
- https://security.netapp.com/advisory/ntap-20240701-0001
- https://sig-security.rocky.page/issues/CVE-2024-6387
- https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution
- https://support.apple.com/kb/HT214118
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214120
- https://ubuntu.com/security/CVE-2024-6387
- https://ubuntu.com/security/notices/USN-6859-1
- https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
- https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100
- https://www.exploit-db.com/exploits/52269
- https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
- https://www.openssh.com/txt/release-9.8
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
- https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html
- https://www.suse.com/security/cve/CVE-2024-6387.html
- https://www.theregister.com/2024/07/01/regresshion_openssh
- https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387
- https://access.redhat.com/errata/RHSA-2024:4340
- https://access.redhat.com/errata/RHSA-2024:4389
- https://access.redhat.com/errata/RHSA-2024:4469
- https://access.redhat.com/errata/RHSA-2024:4474
- https://access.redhat.com/errata/RHSA-2024:4479
- https://access.redhat.com/errata/RHSA-2024:4484
- https://access.redhat.com/security/cve/CVE-2024-6387
- https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1
- https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux
- https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604
- https://explore.alas.aws.amazon.com/CVE-2024-6387.html
- https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132
- https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
- https://github.com/PowerShell/Win32-OpenSSH/discussions/2248
- https://github.com/zgzhang/cve-2024-6387-poc
- https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
- https://news.ycombinator.com/item?id=40843778
- https://packetstorm.news/files/id/190587
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- http://seclists.org/fulldisclosure/2024/Jul/20
- http://www.openwall.com/lists/oss-security/2024/07/01/12
- http://www.openwall.com/lists/oss-security/2024/07/01/13
- http://www.openwall.com/lists/oss-security/2024/07/02/1
- http://www.openwall.com/lists/oss-security/2024/07/03/1
- http://www.openwall.com/lists/oss-security/2024/07/03/11
- http://www.openwall.com/lists/oss-security/2024/07/03/2
- http://www.openwall.com/lists/oss-security/2024/07/03/3
- http://www.openwall.com/lists/oss-security/2024/07/03/4
- http://www.openwall.com/lists/oss-security/2024/07/03/5
- http://www.openwall.com/lists/oss-security/2024/07/04/1
- http://www.openwall.com/lists/oss-security/2024/07/04/2
- http://www.openwall.com/lists/oss-security/2024/07/08/2
- http://www.openwall.com/lists/oss-security/2024/07/08/3
- http://www.openwall.com/lists/oss-security/2024/07/09/2
- http://www.openwall.com/lists/oss-security/2024/07/09/5
- http://www.openwall.com/lists/oss-security/2024/07/10/1
- http://www.openwall.com/lists/oss-security/2024/07/10/2
- http://www.openwall.com/lists/oss-security/2024/07/10/3
- http://www.openwall.com/lists/oss-security/2024/07/10/4
- http://www.openwall.com/lists/oss-security/2024/07/10/6
- http://www.openwall.com/lists/oss-security/2024/07/11/1
- http://www.openwall.com/lists/oss-security/2024/07/11/3
- http://www.openwall.com/lists/oss-security/2024/07/23/4
- http://www.openwall.com/lists/oss-security/2024/07/23/6
- http://www.openwall.com/lists/oss-security/2024/07/28/2
- http://www.openwall.com/lists/oss-security/2024/07/28/3
Related vulnerabilities
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ...