Detections
Analytics

CVE-2024-6387

critical

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

References

https://www.openssh.com/txt/release-9.8

https://bugzilla.redhat.com/show_bug.cgi?id=2294604

https://access.redhat.com/security/cve/CVE-2024-6387

https://access.redhat.com/errata/RHSA-2024:4484

https://access.redhat.com/errata/RHSA-2024:4479

https://access.redhat.com/errata/RHSA-2024:4474

https://access.redhat.com/errata/RHSA-2024:4469

https://access.redhat.com/errata/RHSA-2024:4389

https://access.redhat.com/errata/RHSA-2024:4340

https://access.redhat.com/errata/RHSA-2024:4312

https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-09

https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html

https://www.securityweek.com/juniper-networks-fixes-high-severity-vulnerabilities-in-junos-os/

https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-15

https://www.securityweek.com/cisco-patches-high-severity-vulnerability-reported-by-nsa/

https://support.apple.com/en-us/HT214118

https://www.openwall.com/lists/oss-security/2024/07/10/2

https://securityaffairs.com/165535/hacking/openssh-flaw-cve-2024-6409.html?web_view=true

https://cloud.google.com/support/bulletins/index#gcp-2024-040

https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/

https://www.theregister.com/2024/07/01/regresshion_openssh/

https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387

https://www.suse.com/security/cve/CVE-2024-6387.html

https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html

https://www.openssh.com/releasenotes.html

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc

https://www.exploit-db.com/exploits/52269

https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100

https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do

https://ubuntu.com/security/notices/USN-6859-1

https://ubuntu.com/security/CVE-2024-6387

https://support.apple.com/kb/HT214120

https://support.apple.com/kb/HT214119

https://support.apple.com/kb/HT214118

https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/

https://sig-security.rocky.page/issues/CVE-2024-6387/

https://security.netapp.com/advisory/ntap-20240701-0001/

https://security-tracker.debian.org/tracker/CVE-2024-6387

https://santandersecurityresearch.github.io/blog/sshing_the_masses.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010

https://packetstorm.news/files/id/190587/

https://news.ycombinator.com/item?id=40843778

https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html

https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html

https://lists.almalinux.org/archives/list/[email protected]/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/

https://github.com/zgzhang/cve-2024-6387-poc

https://github.com/rapier1/hpn-ssh/issues/87

https://github.com/oracle/oracle-linux/issues/149

https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09

https://github.com/microsoft/azurelinux/issues/9555

https://github.com/PowerShell/Win32-OpenSSH/issues/2249

https://github.com/PowerShell/Win32-OpenSSH/discussions/2248

https://github.com/Azure/AKS/issues/4379

https://github.com/AlmaLinux/updates/issues/629

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc

https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132

https://explore.alas.aws.amazon.com/CVE-2024-6387.html

https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/

http://www.openwall.com/lists/oss-security/2024/07/28/3

http://www.openwall.com/lists/oss-security/2024/07/28/2

http://www.openwall.com/lists/oss-security/2024/07/23/6

http://www.openwall.com/lists/oss-security/2024/07/23/4

http://www.openwall.com/lists/oss-security/2024/07/11/3

http://www.openwall.com/lists/oss-security/2024/07/11/1

http://www.openwall.com/lists/oss-security/2024/07/10/6

http://www.openwall.com/lists/oss-security/2024/07/10/4

http://www.openwall.com/lists/oss-security/2024/07/10/3

http://www.openwall.com/lists/oss-security/2024/07/10/2

http://www.openwall.com/lists/oss-security/2024/07/10/1

http://www.openwall.com/lists/oss-security/2024/07/09/5

http://www.openwall.com/lists/oss-security/2024/07/09/2

http://www.openwall.com/lists/oss-security/2024/07/08/3

http://www.openwall.com/lists/oss-security/2024/07/08/2

http://www.openwall.com/lists/oss-security/2024/07/04/2

http://www.openwall.com/lists/oss-security/2024/07/04/1

http://www.openwall.com/lists/oss-security/2024/07/03/5

http://www.openwall.com/lists/oss-security/2024/07/03/4

http://www.openwall.com/lists/oss-security/2024/07/03/3

http://www.openwall.com/lists/oss-security/2024/07/03/2

http://www.openwall.com/lists/oss-security/2024/07/03/11

http://www.openwall.com/lists/oss-security/2024/07/03/1

http://www.openwall.com/lists/oss-security/2024/07/02/1

http://www.openwall.com/lists/oss-security/2024/07/01/13

http://www.openwall.com/lists/oss-security/2024/07/01/12

http://seclists.org/fulldisclosure/2024/Jul/20

http://seclists.org/fulldisclosure/2024/Jul/19

http://seclists.org/fulldisclosure/2024/Jul/18

Details

Source: Mitre, NVD

Published: 2024-07-01

Updated: 2025-04-24

Named Vulnerability: regreSSHion

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.54043

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability Being Monitored