{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-6387", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-06-27T13:41:03.421Z", "datePublished": "2024-07-01T12:37:25.431Z", "dateUpdated": "2024-09-14T02:09:26.419Z"}, "containers": {"cna": {"title": "Openssh: regresshion - race condition in ssh allows rce/dos", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."}], "affected": [{"repo": "https://anongit.mindrot.org/openssh.git", "versions": [{"status": "affected", "version": "8.5p1", "versionType": "custom", "lessThanOrEqual": "9.7p1"}], "packageName": "OpenSSH", "collectionURL": "https://www.openssh.com/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "affected", "versions": [{"version": "0:8.7p1-38.el9_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "affected", "versions": [{"version": "0:8.7p1-38.el9_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "affected", "versions": [{"version": "0:8.7p1-12.el9_0.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "affected", "versions": [{"version": "0:8.7p1-30.el9_2.4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "413.92.202407091321-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "414.92.202407091253-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "415.92.202407091355-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "416.94.202407081958-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Ceph Storage 5", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:ceph_storage:5"]}, {"vendor": "Red Hat", "product": "Red Hat Ceph Storage 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ceph_storage:6"]}, {"vendor": "Red Hat", "product": "Red Hat Ceph Storage 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ceph_storage:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openssh", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4312", "name": "RHSA-2024:4312", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4340", "name": "RHSA-2024:4340", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4389", "name": "RHSA-2024:4389", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4469", "name": "RHSA-2024:4469", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4474", "name": "RHSA-2024:4474", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4479", "name": "RHSA-2024:4479", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4484", "name": "RHSA-2024:4484", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6387", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", "name": "RHBZ#2294604", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"}, {"url": "https://www.openssh.com/txt/release-9.8"}, {"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"}], "datePublic": "2024-07-01T08:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-364", "description": "Signal Handler Race Condition", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-364: Signal Handler Race Condition", "workarounds": [{"lang": "en", "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."}], "timeline": [{"lang": "en", "time": "2024-06-27T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-07-01T08:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-14T02:09:26.419Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T13:18:34.695298Z", "id": "CVE-2024-6387", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T13:18:46.662Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:51.801Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/01/12", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/04/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/08/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/08/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/09/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/11/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/11/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/28/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4312", "name": "RHSA-2024:4312", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4340", "name": "RHSA-2024:4340", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4389", "name": "RHSA-2024:4389", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4469", "name": "RHSA-2024:4469", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4474", "name": "RHSA-2024:4474", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4479", "name": "RHSA-2024:4479", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4484", "name": "RHSA-2024:4484", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6387", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/", "tags": ["x_transferred"]}, {"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/", "tags": ["x_transferred"]}, {"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", "name": "RHBZ#2294604", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html", "tags": ["x_transferred"]}, {"url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132", "tags": ["x_transferred"]}, {"url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc", "tags": ["x_transferred"]}, {"url": "https://github.com/AlmaLinux/updates/issues/629", "tags": ["x_transferred"]}, {"url": "https://github.com/Azure/AKS/issues/4379", "tags": ["x_transferred"]}, {"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248", "tags": ["x_transferred"]}, {"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249", "tags": ["x_transferred"]}, {"url": "https://github.com/microsoft/azurelinux/issues/9555", "tags": ["x_transferred"]}, {"url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09", "tags": ["x_transferred"]}, {"url": "https://github.com/oracle/oracle-linux/issues/149", "tags": ["x_transferred"]}, {"url": "https://github.com/rapier1/hpn-ssh/issues/87", "tags": ["x_transferred"]}, {"url": "https://github.com/zgzhang/cve-2024-6387-poc", "tags": ["x_transferred"]}, {"url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/", "tags": ["x_transferred"]}, {"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html", "tags": ["x_transferred"]}, {"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40843778", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010", "tags": ["x_transferred"]}, {"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html", "tags": ["x_transferred"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240701-0001/", "tags": ["x_transferred"]}, {"url": "https://sig-security.rocky.page/issues/CVE-2024-6387/", "tags": ["x_transferred"]}, {"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/", "tags": ["x_transferred"]}, {"url": "https://ubuntu.com/security/CVE-2024-6387", "tags": ["x_transferred"]}, {"url": "https://ubuntu.com/security/notices/USN-6859-1", "tags": ["x_transferred"]}, {"url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do", "tags": ["x_transferred"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100", "tags": ["x_transferred"]}, {"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc", "tags": ["x_transferred"]}, {"url": "https://www.openssh.com/txt/release-9.8", "tags": ["x_transferred"]}, {"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", "tags": ["x_transferred"]}, {"url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html", "tags": ["x_transferred"]}, {"url": "https://www.suse.com/security/cve/CVE-2024-6387.html", "tags": ["x_transferred"]}, {"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214118", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214120", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/01/12", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/04/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/08/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/08/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/09/5", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/11/1", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/11/3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/28/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4312", "name": "RHSA-2024:4312", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4340", "name": "RHSA-2024:4340", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4389", "name": "RHSA-2024:4389", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4469", "name": "RHSA-2024:4469", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4474", "name": "RHSA-2024:4474", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4479", "name": "RHSA-2024:4479", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4484", "name": "RHSA-2024:4484", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6387", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/", "tags": ["x_transferred"]}, {"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/", "tags": ["x_transferred"]}, {"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", "name": "RHBZ#2294604", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html", "tags": ["x_transferred"]}, {"url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132", "tags": ["x_transferred"]}, {"url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc", "tags": ["x_transferred"]}, {"url": "https://github.com/AlmaLinux/updates/issues/629", "tags": ["x_transferred"]}, {"url": "https://github.com/Azure/AKS/issues/4379", "tags": ["x_transferred"]}, {"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248", "tags": ["x_transferred"]}, {"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249", "tags": ["x_transferred"]}, {"url": "https://github.com/microsoft/azurelinux/issues/9555", "tags": ["x_transferred"]}, {"url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09", "tags": ["x_transferred"]}, {"url": "https://github.com/oracle/oracle-linux/issues/149", "tags": ["x_transferred"]}, {"url": "https://github.com/rapier1/hpn-ssh/issues/87", "tags": ["x_transferred"]}, {"url": "https://github.com/zgzhang/cve-2024-6387-poc", "tags": ["x_transferred"]}, {"url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/", "tags": ["x_transferred"]}, {"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html", "tags": ["x_transferred"]}, {"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40843778", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010", "tags": ["x_transferred"]}, {"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html", "tags": ["x_transferred"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240701-0001/", "tags": ["x_transferred"]}, {"url": "https://sig-security.rocky.page/issues/CVE-2024-6387/", "tags": ["x_transferred"]}, {"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/", "tags": ["x_transferred"]}, {"url": "https://ubuntu.com/security/CVE-2024-6387", "tags": ["x_transferred"]}, {"url": "https://ubuntu.com/security/notices/USN-6859-1", "tags": ["x_transferred"]}, {"url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do", "tags": ["x_transferred"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100", "tags": ["x_transferred"]}, {"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc", "tags": ["x_transferred"]}, {"url": "https://www.openssh.com/txt/release-9.8", "tags": ["x_transferred"]}, {"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", "tags": ["x_transferred"]}, {"url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html", "tags": ["x_transferred"]}, {"url": "https://www.suse.com/security/cve/CVE-2024-6387.html", "tags": ["x_transferred"]}, {"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214118", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214120", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:51.801Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6387", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-02T13:18:34.695298Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T13:18:43.278Z"}}], "cna": {"title": "Openssh: regresshion - race condition in ssh allows rce/dos", "credits": [{"lang": "en", "value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"repo": "https://anongit.mindrot.org/openssh.git", "versions": [{"status": "affected", "version": "8.5p1", "versionType": "custom", "lessThanOrEqual": "9.7p1"}], "packageName": "OpenSSH", "collectionURL": "https://www.openssh.com/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:8.7p1-38.el9_4.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:8.7p1-38.el9_4.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:8.7p1-12.el9_0.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:8.7p1-30.el9_2.4", "lessThan": "*", "versionType": "rpm"}], "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "versions": [{"status": "unaffected", "version": "413.92.202407091321-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "414.92.202407091253-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "415.92.202407091355-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "416.94.202407081958-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ceph_storage:5"], "vendor": "Red Hat", "product": "Red Hat Ceph Storage 5", "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:ceph_storage:6"], "vendor": "Red Hat", "product": "Red Hat Ceph Storage 6", "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ceph_storage:7"], "vendor": "Red Hat", "product": "Red Hat Ceph Storage 7", "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "openssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-27T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-07-01T08:00:00+00:00", "value": "Made public."}], "datePublic": "2024-07-01T08:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4312", "name": "RHSA-2024:4312", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4340", "name": "RHSA-2024:4340", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4389", "name": "RHSA-2024:4389", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4469", "name": "RHSA-2024:4469", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4474", "name": "RHSA-2024:4474", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4479", "name": "RHSA-2024:4479", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4484", "name": "RHSA-2024:4484", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6387", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", "name": "RHBZ#2294604", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"}, {"url": "https://www.openssh.com/txt/release-9.8"}, {"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"}], "workarounds": [{"lang": "en", "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."}], "descriptions": [{"lang": "en", "value": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-364", "description": "Signal Handler Race Condition"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-14T02:09:26.419Z"}, "x_redhatCweChain": "CWE-364: Signal Handler Race Condition"}}, "cveMetadata": {"cveId": "CVE-2024-6387", "state": "PUBLISHED", "dateUpdated": "2024-09-14T02:09:26.419Z", "dateReserved": "2024-06-27T13:41:03.421Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-07-01T12:37:25.431Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "1102FFF5-77B1-400E-93F8-AC6CFE2CC93C", "versionEndExcluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC13B91D-82A4-48B1-83AB-EC129C83D316", "versionEndExcluding": "9.8", "versionStartIncluding": "8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*", "matchCriteriaId": "4C37CBBB-A4AA-40D0-9609-0620FDC12BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*", "matchCriteriaId": "7945F60B-460E-4CA6-9EB4-BEE663386D50", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_micro:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "09F471C6-69AF-4E78-8143-17E783C80B9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*", "matchCriteriaId": "47842532-D2B6-44CB-ADE2-4AC8630A4D8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts:*:*:*", "matchCriteriaId": "21538C5B-A130-411E-B5F7-BBBA4C9D488A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amazon:linux_2023:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D4BE4FC-249C-4B58-9513-BF482444CB64", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D", "versionEndIncluding": "11.70.2", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p10:*:*:*:*:*:*", "matchCriteriaId": "556F4943-7BA4-4E09-94B3-4515DC3C7807", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p11:*:*:*:*:*:*", "matchCriteriaId": "6AFEC561-D79B-498B-B59D-1D82B21BDF1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*", "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*", "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p5:*:*:*:*:*:*", "matchCriteriaId": "761B4382-E857-4868-9F80-189B7F60256B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p6:*:*:*:*:*:*", "matchCriteriaId": "51B17801-15FD-4425-BA6C-BE06B14F1BFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p7:*:*:*:*:*:*", "matchCriteriaId": "E9CAFF74-AD36-4D29-83F3-23E0417C485D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p8:*:*:*:*:*:*", "matchCriteriaId": "1B2D2A82-BFFE-45FE-9F79-4AF12C6DE69D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p9:*:*:*:*:*:*", "matchCriteriaId": "E7A81663-047E-4328-BE3A-CF65AB55B29F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*", "matchCriteriaId": "17DAE911-21E1-4182-85A0-B9F0059DDA7F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*", "matchCriteriaId": "ABEA48EC-24EA-4106-9465-CE66B938635F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*", "matchCriteriaId": "8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*", "matchCriteriaId": "BC8C769C-A23E-4F61-AC42-4DA64421B096", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*", "matchCriteriaId": "FA25530A-133C-4D7C-8993-D5C42D79A0B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*", "matchCriteriaId": "878A1F0A-087F-47D7-9CA5-A54BB8D6676A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*", "matchCriteriaId": "CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*", "matchCriteriaId": "50A5E650-31FB-45BE-8827-641B58A83E45", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*", "matchCriteriaId": "79D770C6-7A57-4A49-8164-C55391F62301", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*", "matchCriteriaId": "AA813990-8C8F-4EE8-9F2B-9F73C510A7B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A2EBE8-012E-470E-9E56-56ACBE345F78", "versionEndIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."}, {"lang": "es", "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n del controlador de se\u00f1ales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincr\u00f3nica. Sin embargo, este controlador de se\u00f1ales llama a varias funciones que no son seguras para se\u00f1ales as\u00edncronas, por ejemplo, syslog()."}], "id": "CVE-2024-6387", "lastModified": "2024-09-14T03:15:08.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-07-01T13:15:06.467", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4312"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4340"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4389"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4469"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4474"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4479"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:4484"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-6387"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"}, {"source": "secalert@redhat.com", "url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://www.openssh.com/txt/release-9.8"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-364"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:4312", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "openssh-0:8.7p1-38.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-03T00:00:00Z"}, {"advisory": "RHSA-2024:4312", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "openssh-0:8.7p1-38.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-03T00:00:00Z"}, {"advisory": "RHSA-2024:4389", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "openssh-0:8.7p1-12.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4340", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "openssh-0:8.7p1-30.el9_2.4", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-05T00:00:00Z"}, {"advisory": "RHSA-2024:4484", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "rhcos-413.92.202407091321-0", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4479", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "rhcos-414.92.202407091253-0", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4474", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "rhcos-415.92.202407091355-0", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-18T00:00:00Z"}, {"advisory": "RHSA-2024:4469", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202407081958-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-16T00:00:00Z"}], "bugzilla": {"description": "openssh: regreSSHion - race condition in SSH allows RCE/DoS", "id": "2294604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-364", "details": ["A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."], "mitigation": {"lang": "en:us", "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."}, "name": "CVE-2024-6387", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "openssh", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "openssh", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-07-01T08:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-6387\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6387\nhttps://santandersecurityresearch.github.io/blog/sshing_the_masses.html\nhttps://www.openssh.com/txt/release-9.8\nhttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"], "statement": "Red Hat rates the severity of this flaw as Important for both Red Hat Enterprise Linux (RHEL) and OpenShift Container Platform (OCP). The most significant risk is Remote Code Execution, however this outcome requires significant resources to exploit. If mitigations are put in place, the consequences of exploitation are reduced. An attacker would then only be able to impact availability of the OpenSSH service.\nThe main factor preventing a higher impact rating is an unpredictable race condition. All actively supported versions of RHEL (and by extension OCP) have ExecShield (aka ASLR) enabled by default and utilize NX technology, reducing reliability of the attack. Attackers are forced to retry the attack thousands of times. This generates significant noise providing defenders with an opportunity to detect and disrupt potential attacks.\nRHEL 9 is the only affected version. RHEL 6, 7, and 8 all utilize an older version of OpenSSH which was never affected by this vulnerability.\nThe affected versions of OCP are 4.13, 4.14, 4.15, and 4.16 as they include the affected version of OpenSSH in the underlying operating system Red Hat CoreOS (RHCOS). 4.12 and earlier versions of OCP are not affected.", "threat_severity": "Important", "upstream_fix": "openssh 8.7p1-38"}