CVE/CVE-2024-6387: Difference between revisions
(Created page with "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. https://www.cvedetails.com/cve/CVE-2024-6387/") |
No edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== openssh vulnerability == | |||
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | ||
https://www.cvedetails.com/cve/CVE-2024-6387/ | https://www.cvedetails.com/cve/CVE-2024-6387/ | ||
--- | |||
https://ubuntu.com/security/CVE-2024-6387 | |||
: A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | |||
Published: 1 July 2024 | |||
14 - trusty Not vulnerable (introduced in v8.5p1) | |||
16 - xenial Not vulnerable (introduced in v8.5p1) | |||
18 - bionic Not vulnerable (introduced in v8.5p1) | |||
20 - focal Not vulnerable (introduced in v8.5p1) | |||
22 - jammy Released (1:8.9p1-3ubuntu0.10) | |||
24 - noble Released (1:9.6p1-3ubuntu13.3) | |||
--- | |||
Notice: | |||
https://ubuntu.com/security/notices/USN-6859-1 | |||
Update to: | |||
Ubuntu 24.04 | |||
openssh-client - 1:9.6p1-3ubuntu13.3 | |||
openssh-server - 1:9.6p1-3ubuntu13.3 | |||
Ubuntu 23.10 | |||
openssh-client - 1:9.3p1-1ubuntu3.6 | |||
openssh-server - 1:9.3p1-1ubuntu3.6 | |||
Ubuntu 22.04 | |||
openssh-client - 1:8.9p1-3ubuntu0.10 | |||
openssh-server - 1:8.9p1-3ubuntu0.10 | |||
--- | |||
Debian Bookwork - fixed in: | |||
1:9.2p1-2+deb12u3 | |||
--- | |||
Target Audience | |||
System owners/maintainers (including labs) that utilize Linux systems with OpenSSH. | |||
CVE-2024-6387 HIGH | |||
Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. The vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. | |||
Impacted Versions | |||
This regression was introduced in October 2020 (OpenSSH 8.5p1). | |||
* OpenSSH < 4.4p1 is vulnerable | |||
* 8.5p1 <= OpenSSH < 9.8p1 is vulnerable | |||
* 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable | |||
Red Hat https://access.redhat.com/security/cve/cve-2024-6387 | |||
Debian https://lists.debian.org/debian-security-announce/2024/msg00135.html | |||
Oracle https://linux.oracle.com/errata/ELSA-2024-12468.html | |||
Ubuntu https://ubuntu.com/security/notices/USN-6859-1 | |||
If your linux distribution does not have a patch available yet, change the system “LoginGraceTime” to 0. Default value is 120 seconds. The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the grace period is, the more open unauthenticated connections can exist. NOTE: This change will not fully mitigate the issue - it will only slow down attackers. Full mitigation through patching is still needed! Continue to monitor your linux distribution for patches. | |||
== keywords == |
Latest revision as of 02:28, 4 July 2024
openssh vulnerability
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
https://www.cvedetails.com/cve/CVE-2024-6387/
---
https://ubuntu.com/security/CVE-2024-6387
- A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Published: 1 July 2024
14 - trusty Not vulnerable (introduced in v8.5p1) 16 - xenial Not vulnerable (introduced in v8.5p1) 18 - bionic Not vulnerable (introduced in v8.5p1) 20 - focal Not vulnerable (introduced in v8.5p1) 22 - jammy Released (1:8.9p1-3ubuntu0.10) 24 - noble Released (1:9.6p1-3ubuntu13.3)
---
Notice:
https://ubuntu.com/security/notices/USN-6859-1
Update to:
Ubuntu 24.04 openssh-client - 1:9.6p1-3ubuntu13.3 openssh-server - 1:9.6p1-3ubuntu13.3
Ubuntu 23.10 openssh-client - 1:9.3p1-1ubuntu3.6 openssh-server - 1:9.3p1-1ubuntu3.6
Ubuntu 22.04 openssh-client - 1:8.9p1-3ubuntu0.10 openssh-server - 1:8.9p1-3ubuntu0.10
---
Debian Bookwork - fixed in:
1:9.2p1-2+deb12u3
---
Target Audience
System owners/maintainers (including labs) that utilize Linux systems with OpenSSH.
CVE-2024-6387 HIGH
Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. The vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.
Impacted Versions
This regression was introduced in October 2020 (OpenSSH 8.5p1).
- OpenSSH < 4.4p1 is vulnerable
- 8.5p1 <= OpenSSH < 9.8p1 is vulnerable
- 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable
Red Hat https://access.redhat.com/security/cve/cve-2024-6387 Debian https://lists.debian.org/debian-security-announce/2024/msg00135.html Oracle https://linux.oracle.com/errata/ELSA-2024-12468.html Ubuntu https://ubuntu.com/security/notices/USN-6859-1
If your linux distribution does not have a patch available yet, change the system “LoginGraceTime” to 0. Default value is 120 seconds. The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the grace period is, the more open unauthenticated connections can exist. NOTE: This change will not fully mitigate the issue - it will only slow down attackers. Full mitigation through patching is still needed! Continue to monitor your linux distribution for patches.