Description
RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
FAQ
Why is Red Hat Inc. the assigning CNA (CVE Numbering Authority)?
CVE-2024-6387 concerns a vulnerability in OpenSSH's server (sshd). Red Hat created this CVE on its behalf.
Is Microsoft Windows vulnerable to CVE-2024-6387?
No, Microsoft Windows is not affected by this vulnerability. Although Windows contains an OpenSSH component, the vulnerable code cannot be exploited or controlled by an adversary.
The race condition used in this exploit is not possible in Windows because of significant differences with login grace timeout handling in the win32-openssh implementation.
Is the update for Azure Kubernetes Service Nodes on Ubuntu Linux currently available?
The security update for Azure Kubernetes Service (AKS) Nodes on Ubuntu Linux is currently being deployed but may not yet be available depending on your resource's deployment region. The deployment will be completed as soon as possible and customers can check the availability of the update here: AKS Release Tracker
Updates
Product | Article | Update |
---|---|---|
CBL Mariner 2.0 x64 | - | |
CBL Mariner 2.0 ARM | - | |
Azure Kubernetes Service Node on Azure Linux | | |
Azure Kubernetes Service Node on Ubuntu Linux | | |
Azure Arc Resource Bridge on Azure Arc-enabled VMware vSphere | | |
Azure Arc Resource Bridge on Azure Arc-enabled System Center Virtual Machine Manager | | |
Azure Arc Resource Bridge on Azure Stack HCI | | |
Exploitability
DOS
EPSS
8.1 High
CVSS3
Related vulnerabilities
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.