Signal Handler Race Condition in OpenSSH's Server

CVE-2024-6387

8.1HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions; Red Hat Enterprise Linux 9.2 Extended Update Support; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 1 July 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟡 EPSS 71%📰 News Worthy

Summary

The "regreSSHion" vulnerability (CVE-2024-6387) affects the OpenSSH server in Linux that relies on the GNU C library (glibc). This vulnerability allows remote arbitrary code execution with root privileges without authentication. It is a regression of a previously fixed vulnerability and affects almost all Linux systems, including versions 8.5p1 to 9.8p1 released in March 2021. The OpenSSH development team has released a fix in version 9.8p1, and organizations are urged to promptly apply patches, restrict SSH through network-based controls, and implement systems to monitor and alert for anomalous exploitation activity to mitigate the risk. There are over 14 million vulnerable OpenSSH servers, and the exploitation of this vulnerability poses a threat of system compromise, data manipulation, and a major data breach.

Affected Version(s)

Red Hat Enterprise Linux 9 <= 0:8.7p1-38.el9_4.1

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions <= 0:8.7p1-12.el9_0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2024-6387-poc
Created by zgzhang

cve-2024-6387-poc
Created by acrono

regreSSHion
Created by xonoxitron

News Articles

SC Media

CVE-2024-6387

FreeBSD releases new patch for regreSSHion-related RCE flaw

The OpenSSH vulnerability in the operating system could enable remote code execution with root privileges.

1 month ago

Check Point Blog

CVE-2024-6387

CVE-2024-6387 - regreSSHion Remote Code Execution vulnerability seen in OpenSSH - Check Point Blog

On Monday, July 1st, a security regression ( CVE-2024-6387was discovered in OpenSSH’s server (sshd), that was previously patched in 2006. According to

2 months ago

Palo Alto Networks

CVE-2024-6387

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability

This threat brief details CVE-2024-6387, called RegreSSHion, an RCE vulnerability affecting connectivity tool OpenSSH servers on glibc-based Linux systems.

2 months ago

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Jul 9, 2024
Vulnerability started trending.
Jul 2, 2024
🔥
Vulnerability reached the number 1 worldwide trending spot.
Jul 2, 2024
Risk change from: null to: 8.1 - (HIGH)
Jul 1, 2024
First article discovered by SecurityWeek
Jul 1, 2024
Vulnerability published.
Jul 1, 2024
Vulnerability Reserved.
Jun 27, 2024
Reported to Red Hat.
Jun 27, 2024

Collectors

NVD DatabaseMitre DatabaseRed Hat Feed6 Proof of Concept(s)22 News Article(s)