CVE-2024-6387

Опубликовано: 01 июл. 2024

Источник: nvd

CVSS3: 8.1

EPSS Средний

Описание

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Ссылки

https://access.redhat.com/errata/RHSA-2024:4312
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4340
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4389
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4469
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4474
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4479
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4484
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-6387
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2294604
Issue Tracking
Third Party Advisory
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
https://www.openssh.com/txt/release-9.8
Release Notes
Third Party Advisory
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://www.openwall.com/lists/oss-security/2024/07/01/12
http://www.openwall.com/lists/oss-security/2024/07/01/13
http://www.openwall.com/lists/oss-security/2024/07/02/1
http://www.openwall.com/lists/oss-security/2024/07/03/1
http://www.openwall.com/lists/oss-security/2024/07/03/11

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Версия до 4.4 (исключая)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Версия от 8.6 (включая) до 9.8 (исключая)

cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*

Конфигурация 6

cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.70.2 (включая)

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*

Конфигурация 8

Одно из

cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*

Конфигурация 9

cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*

Версия до 10.0.0 (включая)

EPSS

Процентиль: 98%

0.52037

Средний

8.1 High

CVSS3

Дефекты

CWE-364

CWE-362

Связанные уязвимости

CVE-2024-6387

CVSS3: 8.1

ubuntu

12 месяцев назад

CVE-2024-6387

CVSS3: 8.1

redhat

12 месяцев назад

CVE-2024-6387

CVSS3: 8.1

msrc

11 месяцев назад

RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling

CVE-2024-6387

CVSS3: 8.1

debian

12 месяцев назад

A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ...

SUSE-SU-2024:2275-2

suse-cvrf

12 месяцев назад

Security update for openssh

EPSS

Процентиль: 98%

0.52037

Средний

8.1 High

CVSS3

Дефекты

CWE-364

CWE-362