CVE-2024-6387
Openssh: regresshion - race condition in ssh allows rce/dos
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
101Exploited in Wild
-Decision
Descriptions
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog().
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-27 CVE Reserved
- 2024-07-01 CVE Published
- 2024-07-01 First Exploit
- 2025-05-21 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-364: Signal Handler Race Condition
CAPEC
References (166)
URL | Date | SRC |
---|---|---|
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html | 2024-07-23 | |
https://news.ycombinator.com/item?id=40843778 | 2024-07-23 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:4312 | 2024-07-23 | |
https://access.redhat.com/errata/RHSA-2024:4340 | 2024-07-23 | |
https://access.redhat.com/errata/RHSA-2024:4389 | 2024-07-23 | |
https://access.redhat.com/errata/RHSA-2024:4469 | 2024-07-23 | |
https://access.redhat.com/errata/RHSA-2024:4474 | 2024-07-23 | |
https://access.redhat.com/errata/RHSA-2024:4479 | 2024-07-23 | |
https://access.redhat.com/errata/RHSA-2024:4484 | 2024-07-23 | |
https://access.redhat.com/security/cve/CVE-2024-6387 | 2024-07-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2294604 | 2024-07-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | < 4.4 Search vendor "Openbsd" for product "Openssh" and version " < 4.4" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | >= 8.6 < 9.8 Search vendor "Openbsd" for product "Openssh" and version " >= 8.6 < 9.8" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.4 Search vendor "Openbsd" for product "Openssh" and version "4.4" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 8.5 Search vendor "Openbsd" for product "Openssh" and version "8.5" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 9.8 Search vendor "Openbsd" for product "Openssh" and version "9.8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.0 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 9.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" | 9.0_aarch64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" and version "9.0_aarch64" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Eus Search vendor "Redhat" for product "Enterprise Linux For Arm 64 Eus" | 9.4_aarch64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64 Eus" and version "9.4_aarch64" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" | 9.0_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "9.0_s390x" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | 9.4_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "9.4_s390x" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | 9.0_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "9.0_ppc64le" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 9.4_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "9.4_ppc64le" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 9.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "9.4" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Micro Search vendor "Suse" for product "Linux Enterprise Micro" | 6.0 Search vendor "Suse" for product "Linux Enterprise Micro" and version "6.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 23.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "23.04" | lts |
Affected
| ||||||
Amazon Search vendor "Amazon" | Linux 2023 Search vendor "Amazon" for product "Linux 2023" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | >= 11.0.0 <= 11.70.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0.0 <= 11.70.2" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Tools Search vendor "Netapp" for product "Ontap Tools" | 9 Search vendor "Netapp" for product "Ontap Tools" and version "9" | vmware_vsphere |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p1 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p10 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p11 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p2 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p3 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p4 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p5 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p6 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p7 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p8 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.2 Search vendor "Freebsd" for product "Freebsd" and version "13.2" | p9 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.3 Search vendor "Freebsd" for product "Freebsd" and version "13.3" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.3 Search vendor "Freebsd" for product "Freebsd" and version "13.3" | p1 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.3 Search vendor "Freebsd" for product "Freebsd" and version "13.3" | p2 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.3 Search vendor "Freebsd" for product "Freebsd" and version "13.3" | p3 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | beta5 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p1 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p2 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p3 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p4 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p5 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p6 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | p7 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | rc3 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.0 Search vendor "Freebsd" for product "Freebsd" and version "14.0" | rc4-p1 |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.1 Search vendor "Freebsd" for product "Freebsd" and version "14.1" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 14.1 Search vendor "Freebsd" for product "Freebsd" and version "14.1" | p1 |
Affected
| ||||||
Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | <= 10.0.0 Search vendor "Netbsd" for product "Netbsd" and version " <= 10.0.0" | - |
Affected
|