CVE-2024-6387
HIGHCVSS 8.1/10EPSS 99.51%
Last modified
CVE-2024-6387 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. EPSS estimates a 99.51% chance of exploitation in the next 30 days.
Description
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sonicwall | Sma 6200 Firmware | All versions | — |
| Sonicwall | Sma 7200 Firmware | All versions | — |
| Arista | Eos | >= 4.32.0, <= 4.32.1f | — |
| Canonical | Ubuntu Linux | 23.10 | — |
| Canonical | Ubuntu Linux | 24.04 | — |
| Almalinux | Almalinux | 9.0 | — |
| Sonicwall | Sma 6210 Firmware | All versions | — |
| Sonicwall | Sma 7210 Firmware | All versions | — |
| Sonicwall | Sma 8200v Firmware | All versions | — |
| Sonicwall | Sra Ex 7000 Firmware | All versions | — |
| Netapp | A1k Firmware | All versions | — |
| Netapp | A70 Firmware | All versions | — |
| Netapp | A90 Firmware | All versions | — |
| Netapp | A700s Firmware | All versions | — |
| Netapp | 8300 Firmware | All versions | — |
| Netapp | 8700 Firmware | All versions | — |
| Netapp | A400 Firmware | All versions | — |
| Netapp | C400 Firmware | All versions | — |
| Netapp | A250 Firmware | All versions | — |
| Netapp | 500f Firmware | All versions | — |
| Netapp | C250 Firmware | All versions | — |
| Netapp | A800 Firmware | All versions | — |
| Netapp | C800 Firmware | All versions | — |
| Netapp | A900 Firmware | All versions | — |
| Netapp | A9500 Firmware | All versions | — |
| Netapp | C190 Firmware | All versions | — |
| Netapp | A150 Firmware | All versions | — |
| Netapp | A220 Firmware | All versions | — |
| Netapp | Fas2720 Firmware | All versions | — |
| Netapp | Fas2750 Firmware | All versions | — |
| Netapp | Fas2820 Firmware | All versions | — |
| Netapp | Bootstrap Os | All versions | — |
| Apple | Macos | >= 12.0, < 12.7.6 | — |
| Apple | Macos | >= 13.0, < 13.6.8 | — |
| Apple | Macos | >= 14.0, < 14.6 | — |
| Openbsd | Openssh | < 4.4 | — |
| Openbsd | Openssh | >= 8.6, <= 9.8 | — |
| Openbsd | Openssh | 4.4 | — |
| Openbsd | Openssh | 8.5 | P1 |
| Openbsd | Openssh | 8.6 | — |
| Redhat | Openshift Container Platform | 4.0 | — |
| Redhat | Enterprise Linux | 9.0 | — |
| Redhat | Enterprise Linux Eus | 9.4 | — |
| Redhat | Enterprise Linux For Arm 64 | 9.0_aarch64 | — |
| Redhat | Enterprise Linux For Arm 64 Eus | 9.4_aarch64 | — |
| Redhat | Enterprise Linux For Ibm Z Systems | 9.0_s390x | — |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 9.4_s390x | — |
| Redhat | Enterprise Linux For Power Little Endian | 9.0_ppc64le | — |
| Redhat | Enterprise Linux For Power Little Endian Eus | 9.4_ppc64le | — |
| Redhat | Enterprise Linux Server Aus | 9.4 | — |
Showing 50 of 67 affected configurations. See NVD for the full list.
References
- https://access.redhat.com/errata/RHSA-2024:4312Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4340Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4389Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4469Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4474Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4479Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4484Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2024-6387Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604Third Party Advisory
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.htmlExploit, Third Party Advisory
- https://www.openssh.com/txt/release-9.8Release Notes, Third Party Advisory
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txtExploit, Third Party Advisory
- http://seclists.org/fulldisclosure/2024/Jul/18Mailing List
- http://seclists.org/fulldisclosure/2024/Jul/19Mailing List
- http://seclists.org/fulldisclosure/2024/Jul/20Mailing List
- http://www.openwall.com/lists/oss-security/2024/07/03/11Exploit, Mailing List
- http://www.openwall.com/lists/oss-security/2024/07/03/3Mailing List, Patch
- http://www.openwall.com/lists/oss-security/2024/07/04/2Exploit, Mailing List
- http://www.openwall.com/lists/oss-security/2024/07/08/2Exploit, Mailing List
- http://www.openwall.com/lists/oss-security/2024/07/09/5Exploit, Mailing List
- http://www.openwall.com/lists/oss-security/2024/07/10/1Exploit, Mailing List
- https://access.redhat.com/errata/RHSA-2024:4312Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4340Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4389Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4469Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4474Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4479Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:4484Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2024-6387Third Party Advisory
- https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/Press/Media Coverage, Third Party Advisory
- https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-serverPress/Media Coverage, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604Third Party Advisory
- https://explore.alas.aws.amazon.com/CVE-2024-6387.htmlThird Party Advisory
- https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132Issue Tracking
- https://github.com/AlmaLinux/updates/issues/629Issue Tracking
- https://github.com/Azure/AKS/issues/4379Issue Tracking
- https://github.com/PowerShell/Win32-OpenSSH/issues/2249Issue Tracking
- https://github.com/microsoft/azurelinux/issues/9555Issue Tracking
- https://github.com/oracle/oracle-linux/issues/149Issue Tracking
- https://github.com/rapier1/hpn-ssh/issues/87Issue Tracking
- https://github.com/zgzhang/cve-2024-6387-pocThird Party Advisory
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.htmlMailing List, Release Notes
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.htmlMailing List, Patch
- https://news.ycombinator.com/item?id=40843778Issue Tracking, Patch
- https://packetstorm.news/files/id/190587/Broken Link
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010Third Party Advisory
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.htmlExploit, Third Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2024-6387Third Party Advisory
- https://security.netapp.com/advisory/ntap-20240701-0001/Third Party Advisory
- https://sig-security.rocky.page/issues/CVE-2024-6387/Third Party Advisory
- https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/Press/Media Coverage, Third Party Advisory
- https://support.apple.com/kb/HT214118Third Party Advisory
- https://support.apple.com/kb/HT214119Third Party Advisory
- https://support.apple.com/kb/HT214120Third Party Advisory
- https://ubuntu.com/security/CVE-2024-6387Third Party Advisory
- https://ubuntu.com/security/notices/USN-6859-1Third Party Advisory
- https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.ascThird Party Advisory
- https://www.openssh.com/txt/release-9.8Release Notes, Third Party Advisory
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txtExploit, Third Party Advisory
- https://www.suse.com/security/cve/CVE-2024-6387.htmlThird Party Advisory
- https://www.theregister.com/2024/07/01/regresshion_openssh/Press/Media Coverage, Third Party Advisory
- https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-6387?
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
How severe is CVE-2024-6387?
CVE-2024-6387 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 99.51% probability of exploitation in the next 30 days.
How do I fix CVE-2024-6387?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2024-6387?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST