CVE/CVE-2024-6387: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 37: | Line 37: | ||
openssh-client - 1:8.9p1-3ubuntu0.10 | openssh-client - 1:8.9p1-3ubuntu0.10 | ||
openssh-server - 1:8.9p1-3ubuntu0.10 | openssh-server - 1:8.9p1-3ubuntu0.10 | ||
--- | |||
Debian Bookwork - fixed in: | |||
1:9.2p1-2+deb12u3 | |||
--- | --- | ||
Line 50: | Line 55: | ||
This regression was introduced in October 2020 (OpenSSH 8.5p1). | This regression was introduced in October 2020 (OpenSSH 8.5p1). | ||
* OpenSSH < 4.4p1 is vulnerable | |||
* 8.5p1 <= OpenSSH < 9.8p1 is vulnerable | |||
* 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable | |||
Red Hat https://access.redhat.com/security/cve/cve-2024-6387 | Red Hat https://access.redhat.com/security/cve/cve-2024-6387 |
Latest revision as of 02:28, 4 July 2024
openssh vulnerability
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
https://www.cvedetails.com/cve/CVE-2024-6387/
---
https://ubuntu.com/security/CVE-2024-6387
- A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Published: 1 July 2024
14 - trusty Not vulnerable (introduced in v8.5p1) 16 - xenial Not vulnerable (introduced in v8.5p1) 18 - bionic Not vulnerable (introduced in v8.5p1) 20 - focal Not vulnerable (introduced in v8.5p1) 22 - jammy Released (1:8.9p1-3ubuntu0.10) 24 - noble Released (1:9.6p1-3ubuntu13.3)
---
Notice:
https://ubuntu.com/security/notices/USN-6859-1
Update to:
Ubuntu 24.04 openssh-client - 1:9.6p1-3ubuntu13.3 openssh-server - 1:9.6p1-3ubuntu13.3
Ubuntu 23.10 openssh-client - 1:9.3p1-1ubuntu3.6 openssh-server - 1:9.3p1-1ubuntu3.6
Ubuntu 22.04 openssh-client - 1:8.9p1-3ubuntu0.10 openssh-server - 1:8.9p1-3ubuntu0.10
---
Debian Bookwork - fixed in:
1:9.2p1-2+deb12u3
---
Target Audience
System owners/maintainers (including labs) that utilize Linux systems with OpenSSH.
CVE-2024-6387 HIGH
Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. The vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.
Impacted Versions
This regression was introduced in October 2020 (OpenSSH 8.5p1).
- OpenSSH < 4.4p1 is vulnerable
- 8.5p1 <= OpenSSH < 9.8p1 is vulnerable
- 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable
Red Hat https://access.redhat.com/security/cve/cve-2024-6387 Debian https://lists.debian.org/debian-security-announce/2024/msg00135.html Oracle https://linux.oracle.com/errata/ELSA-2024-12468.html Ubuntu https://ubuntu.com/security/notices/USN-6859-1
If your linux distribution does not have a patch available yet, change the system “LoginGraceTime” to 0. Default value is 120 seconds. The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the grace period is, the more open unauthenticated connections can exist. NOTE: This change will not fully mitigate the issue - it will only slow down attackers. Full mitigation through patching is still needed! Continue to monitor your linux distribution for patches.