CVE-2024-6387

Published: 01 Jul 2024
Source: redhat
CVSS3: 8.1

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Report

Red Hat rates the severity of this flaw as Important for both Red Hat Enterprise Linux (RHEL) and OpenShift Container Platform (OCP). The most significant risk is Remote Code Execution; however, this outcome requires significant resources to exploit. If mitigations are put in place, the consequences of exploitation are reduced: an attacker would then only be able to impact availability of the OpenSSH service.

The main factor preventing a higher impact rating is an unpredictable race condition. All actively supported versions of RHEL (and by extension OCP) have ExecShield (aka ASLR) enabled by default and utilize NX technology, reducing reliability of the attack. Attackers are forced to retry the attack thousands of times. This generates significant noise, providing defenders with an opportunity to detect and disrupt potential attacks.

RHEL 9 is the only affected version. RHEL 6, 7, and 8 all utilize an older version of OpenSSH which was never affected by this vulnerability. The affected versions of OCP are 4.13, 4.14, 4.15, and 4.16, as they include the affected version of OpenSSH in the underlying operating system Red Hat CoreOS (RHCOS). 4.12 and earlier versions of OCP are not affected.

Mitigation

The process below can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.

  1. As root user, open /etc/ssh/sshd_config
  2. Add or edit the parameter configuration:
       LoginGraceTime 0
  3. Save and close the file
  4. Restart the sshd daemon:
       systemctl restart sshd.service

Setting LoginGraceTime to 0 disables the sshd server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately. If any of the mitigations mentioned above is used, note that the LoginGraceTime parameter is not removed from sshd_config automatically when the updated package is installed.
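One way to audit the mitigation described above, as an added example that is not part of the Red Hat advisory: it resolves which LoginGraceTime value applies (sshd_config uses the first value it reads for a keyword, so a line appended below an existing setting has no effect) and flags a leftover `LoginGraceTime 0` after the update. The function names, the verdict words and the `patched`/`unpatched` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and verdict strings are hypothetical.

# Print the LoginGraceTime sshd would take from the given files, read in order.
# sshd_config(5): the first value obtained for a keyword wins; keywords are
# case-insensitive and may be separated from the value by whitespace or "=".
effective_grace() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # strip leading whitespace
            if (line == "" || line ~ /^#/) next      # skip blanks and comments
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == "logingracetime") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "120" }              # OpenSSH default: 120 seconds
    ' "$@"
}

# True when the value is zero in any accepted spelling (0, 0s, 0m, ...).
grace_is_disabled() {
    case "$1" in
        *[!0smhdwSMHDW]*) return 1 ;;   # a non-zero digit or unexpected character
        *0*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_grace patched|unpatched FILE...  -> one-word verdict on stdout
audit_grace() {
    state=$1; shift
    value=$(effective_grace "$@")
    if grace_is_disabled "$value"; then
        # Timeout disabled: RCE path closed, connection-exhaustion DoS remains.
        [ "$state" = patched ] && echo stale-mitigation || echo mitigated-dos-only
    else
        [ "$state" = patched ] && echo ok || echo exposed
    fi
}

# Constructed sample: the appended mitigation line is shadowed by an earlier one.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'logingracetime 2m' 'LoginGraceTime 0' > "$demo"
echo "effective=$(effective_grace "$demo") verdict=$(audit_grace unpatched "$demo")"
rm -f "$demo"
```

Pass the configuration files in the order sshd reads them; Match blocks and Include directives are not interpreted here. On a live host, `sshd -T` prints the resolved `logingracetime` value.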

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Ceph Storage 5 | openssh | Not affected | | |
| Red Hat Ceph Storage 6 | openssh | Affected | | |
| Red Hat Ceph Storage 7 | openssh | Affected | | |
| Red Hat Enterprise Linux 10 | openssh | Affected | | |
| Red Hat Enterprise Linux 6 | openssh | Not affected | | |
| Red Hat Enterprise Linux 7 | openssh | Not affected | | |
| Red Hat Enterprise Linux 8 | openssh | Not affected | | |
| Red Hat Enterprise Linux 9 | openssh | Fixed | RHSA-2024:4312 | 03.07.2024 |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | openssh | Fixed | RHSA-2024:4389 | 08.07.2024 |


Additional information

Status: Important
Weakness: CWE-364
https://bugzilla.redhat.com/show_bug.cgi?id=2294604
openssh: regreSSHion - race condition in SSH allows RCE/DoS

CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 8.1
ubuntu
12 months ago

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS3: 8.1
nvd
12 months ago

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS3: 8.1
msrc
11 months ago

RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling

CVSS3: 8.1
debian
12 months ago

A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ...

suse-cvrf
12 months ago

Security update for openssh
