Signal Handler Race Condition in OpenSSH's Server
CVE-2024-6387
Key Information
- Vendor: Red Hat
- Status:
  - Red Hat Enterprise Linux 9
  - Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions
  - Red Hat Enterprise Linux 9.2 Extended Update Support
  - Red Hat Enterprise Linux 6
- CVE Published: 1 July 2024
What is CVE-2024-6387?
CVE-2024-6387 is a vulnerability in OpenSSH's server (sshd), an essential component widely used for secure remote login and other secure network services. The flaw arises from a race condition in signal handling, which can lead to unsafe behavior when sshd receives a signal during a user's authentication attempt. An unauthenticated remote attacker could exploit the vulnerability by triggering the flaw when a legitimate user fails to authenticate within a specified time frame. Organizations relying on OpenSSH for secure communications may therefore face severe security risks, including potential unauthorized access and exploitation of their systems.
Technical Details
The vulnerability is a security regression of a previously identified issue (CVE-2006-5051) affecting signal handling in the OpenSSH server. The race condition may allow an attacker to execute arbitrary code or perform actions with elevated privileges by manipulating how sshd processes signals. It occurs during the authentication phase, so the attack can be carried out without valid credentials, broadening the attack surface for malicious actors. Multiple versions of OpenSSH are affected, so users and system administrators need to respond promptly to secure their environments.
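Added illustration, not OpenSSH's own code: the defensive pattern for a login-grace timeout, in which the SIGALRM handler only sets a `sig_atomic_t` flag and all logging and cleanup run in normal context. The regression described above is the opposite pattern, work that is not async-signal-safe performed inside the handler itself. The `run_auth_with_grace()` loop and the `auth_never` / `auth_at_once` callbacks are constructed stand-ins for sshd's authentication step.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
/* Flag shared between handler and main loop; sig_atomic_t is the only type
 * guaranteed safe to write from a signal handler. */
static volatile sig_atomic_t grace_expired = 0;
/* Async-signal-safe handler: records the event and nothing else. Logging or
 * malloc here, while the interrupted code may be inside those same functions,
 * is exactly the kind of race the advisory describes. */
static void grace_alarm_handler(int sig) {
    (void)sig;
    grace_expired = 1;
}

/* Constructed stand-ins for the authentication step (hypothetical). */
int auth_never(void) { return 0; }   /* client never completes auth */
int auth_at_once(void) { return 1; } /* client authenticates immediately */

/* Simulated authentication loop under a login-grace timer. Returns 0 when
 * try_auth() succeeds, 1 when the grace period expires, -1 on setup error.
 * All reporting happens here, in normal context, never in the handler. */
int run_auth_with_grace(unsigned grace_seconds, int (*try_auth)(void)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;                 /* no SA_RESTART: the sleep returns early */
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    grace_expired = 0;
    alarm(grace_seconds);
    while (!grace_expired) {
        if (try_auth()) {
            alarm(0);                /* cancel the timer on success */
            return 0;
        }
        /* Real sshd blocks on the socket here; SIGALRM interrupts the wait
         * and the loop re-checks the flag. */
        struct timespec ts = { 0, 100 * 1000 * 1000 };
        nanosleep(&ts, NULL);
    }
    fprintf(stderr, "Timeout before authentication (%us)\n", grace_seconds);
    return 1;
}

int main(void) {
    return run_auth_with_grace(1, auth_never) == 1 ? 0 : 1;
}
```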
Impact of the Vulnerability
- Unauthorized Remote Code Execution: Exploiting CVE-2024-6387 could allow attackers to execute arbitrary code remotely, potentially gaining control over affected systems without needing authentication.
- Data Breach Risk: Organizations may face significant risks of data breaches, as unauthorized access could enable attackers to extract sensitive information, thereby compromising the confidentiality and integrity of data.
- Increased Attack Surface: The existence of this vulnerability increases the overall attack surface for OpenSSH servers, particularly for systems that are poorly configured or inadequately monitored, making them attractive targets for cybercriminals.
Affected Version(s)
Red Hat Enterprise Linux 9 <= 0:8.7p1-38.el9_4.1
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions <= 0:8.7p1-12.el9_0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CVE-2024-6387 aka regreSSHion – root cause, risks, mitigation
Which systems are vulnerable to the OpenSSH CVE-2024-6387 flaw, and how can its exploitation be prevented?
4 weeks ago
FreeBSD releases new patch for regreSSHion-related RCE flaw
The OpenSSH vulnerability in the operating system could enable remote code execution with root privileges.
2 months ago
References
CVSS v3.1
Timeline
- 🔴 Public PoC available
- 🔥 Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- 👾 Exploit known to exist
- First article discovered by SecurityWeek
- Vulnerability published
- Vulnerability reserved