CVE/CVE-2024-6387


OpenSSH vulnerability

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

https://www.cvedetails.com/cve/CVE-2024-6387/

---

https://ubuntu.com/security/CVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Published: 1 July 2024
14 - trusty	Not vulnerable (introduced in v8.5p1)
16 - xenial	Not vulnerable (introduced in v8.5p1)
18 - bionic	Not vulnerable (introduced in v8.5p1)
20 - focal	Not vulnerable (introduced in v8.5p1)
22 - jammy	Released (1:8.9p1-3ubuntu0.10)
24 - noble	Released (1:9.6p1-3ubuntu13.3)

---

Notice:

https://ubuntu.com/security/notices/USN-6859-1

Update to:

Ubuntu 24.04
 openssh-client - 1:9.6p1-3ubuntu13.3
 openssh-server - 1:9.6p1-3ubuntu13.3
Ubuntu 23.10
 openssh-client - 1:9.3p1-1ubuntu3.6
 openssh-server - 1:9.3p1-1ubuntu3.6
Ubuntu 22.04
 openssh-client - 1:8.9p1-3ubuntu0.10
 openssh-server - 1:8.9p1-3ubuntu0.10

---

Debian Bookworm - fixed in:

1:9.2p1-2+deb12u3

---

Target Audience

System owners/maintainers (including labs) that utilize Linux systems with OpenSSH.

CVE-2024-6387 HIGH

A remote unauthenticated code execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. The vulnerability, a signal handler race condition in sshd, allows unauthenticated remote code execution as root on glibc-based Linux systems, which presents a significant security risk. This race condition affects sshd in its default configuration. The vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.

Impacted Versions

This regression was introduced in October 2020 (OpenSSH 8.5p1).

  • OpenSSH < 4.4p1 is vulnerable
  • 8.5p1 <= OpenSSH < 9.8p1 is vulnerable
  • 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable

Red Hat	https://access.redhat.com/security/cve/cve-2024-6387
Debian	https://lists.debian.org/debian-security-announce/2024/msg00135.html
Oracle	https://linux.oracle.com/errata/ELSA-2024-12468.html
Ubuntu	https://ubuntu.com/security/notices/USN-6859-1

If your Linux distribution does not have a patch available yet, set sshd's “LoginGraceTime” option to 0. The default value is 120 seconds. The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the grace period is, the more open unauthenticated connections can exist. NOTE: This change will not fully mitigate the issue - it will only slow down attackers. Full mitigation through patching is still needed! Continue to monitor your Linux distribution for patches.
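A triage sketch for the "Impacted Versions" ranges and the LoginGraceTime workaround above. It is an added example, not code from this page or from any vendor. The host names, banners and `sshd -T` excerpts are constructed samples, and the function names are hypothetical.

```python
import re

# Upstream ranges listed on this page: < 4.4p1 and 8.5p1 <= v < 9.8p1 are vulnerable.
def upstream_version(banner):
    """Return (major, minor) from a string such as 'OpenSSH_8.9p1 Ubuntu-3ubuntu0.10'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def in_affected_range(version):
    return version < (4, 4) or (8, 5) <= version < (9, 8)

def login_grace_time(sshd_t_output):
    """Return the effective LoginGraceTime in seconds from `sshd -T` output, or None."""
    for line in sshd_t_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "logingracetime" and parts[1].isdigit():
            return int(parts[1])
    return None

def triage(banner, sshd_t_output):
    version = upstream_version(banner)
    if version is None:
        return "unknown: no OpenSSH version found"
    if not in_affected_range(version):
        return "outside affected range"
    # Distribution fixes are backported: a patched package keeps its upstream
    # version string (e.g. 8.9p1), so the banner alone cannot prove the fix is in.
    if login_grace_time(sshd_t_output) == 0:
        return "affected range, interim LoginGraceTime 0 set: confirm package fix"
    return "affected range: confirm package fix or set LoginGraceTime 0"

# Constructed sample inventory: (host, `ssh -V` style banner, `sshd -T` excerpt).
SAMPLE_HOSTS = [
    ("web01", "OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2", "port 22\nlogingracetime 120\n"),
    ("db01", "OpenSSH_8.2p1 Ubuntu-4ubuntu0.11, OpenSSL 1.1.1f", "port 22\nlogingracetime 120\n"),
    ("lab01", "OpenSSH_9.3p1, OpenSSL 3.1.1", "port 22\nlogingracetime 0\n"),
    ("new01", "OpenSSH_9.8p1, OpenSSL 3.3.1", "logingracetime 120\n"),
]

if __name__ == "__main__":
    for host, banner, config in SAMPLE_HOSTS:
        print(f"{host}: {triage(banner, config)}")
```

For hosts reported in the affected range, compare the installed openssh-server package version against the fixed versions listed above for your release.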
