- Vulnerability/
- CVE-2024-6387
27/6/2024
1/7/2024
1/7/2024
9/7/2024
23/10/2024
25/10/2024
CVE-2024-6387: OpenSSH regreSSHion Attack (CVE-2024-6387)
First published: Thu Jun 27 2024(Updated: )
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Credit: secalert@redhat.com secalert@redhat.com CVE-2024-6387 CVE-2024-6387 CVE-2024-6387
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft CBL Mariner 2.0 x64 | ||
| Microsoft CBL Mariner 2.0 ARM | ||
| F5 BIG-IP Next | >=20.1.0<=20.2.1 | |
| F5 BIG-IP Next Central Manager | >=20.1.0<=20.2.1 | |
| F5 BIG-IP Next SPK | >=1.7.0<=1.9.2 | |
| F5 BIG-IP Next CNF | >=1.1.0<=1.3.1 | |
| Apple macOS Ventura | <13.6.8 | 13.6.8 |
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| Apple macOS Sonoma | <14.6 | 14.6 |
| Microsoft Azure Kubernetes Service Node on Azure Linux | ||
| Microsoft Azure Arc Resource Bridge | ||
| Microsoft Azure Kubernetes Service Node on Ubuntu Linux | ||
| Microsoft Azure Arc Resource Bridge | ||
| debian/openssh | 1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u3 1:9.8p1-8 | |
| Openbsd Openssh | <4.4 | |
| Openbsd Openssh | >=8.6<9.8 | |
| Openbsd Openssh | =4.4 | |
| Openbsd Openssh | =8.5-p1 | |
| Redhat Openshift Container Platform | =4.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Redhat Enterprise Linux Eus | =9.4 | |
| Redhat Enterprise Linux For Arm 64 | =9.0_aarch64 | |
| Redhat Enterprise Linux For Arm 64 Eus | =9.4_aarch64 | |
| Redhat Enterprise Linux For Ibm Z Systems | =9.0_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =9.4_s390x | |
| Redhat Enterprise Linux For Power Little Endian | =9.0_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.4_ppc64le | |
| Redhat Enterprise Linux Server Aus | =9.4 | |
| Suse Linux Enterprise Micro | =6.0 | |
| Debian Debian Linux | =12.0 | |
| Canonical Ubuntu Linux | =22.04 | |
| Canonical Ubuntu Linux | =22.10 | |
| Canonical Ubuntu Linux | =23.04 | |
| Amazon Linux 2023 | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Ontap Tools Vmware Vsphere | =9 | |
| FreeBSD FreeBSD | =13.2 | |
| FreeBSD FreeBSD | =13.2-p1 | |
| FreeBSD FreeBSD | =13.2-p10 | |
| FreeBSD FreeBSD | =13.2-p11 | |
| FreeBSD FreeBSD | =13.2-p2 | |
| FreeBSD FreeBSD | =13.2-p3 | |
| FreeBSD FreeBSD | =13.2-p4 | |
| FreeBSD FreeBSD | =13.2-p5 | |
| FreeBSD FreeBSD | =13.2-p6 | |
| FreeBSD FreeBSD | =13.2-p7 | |
| FreeBSD FreeBSD | =13.2-p8 | |
| FreeBSD FreeBSD | =13.2-p9 | |
| FreeBSD FreeBSD | =13.3 | |
| FreeBSD FreeBSD | =13.3-p1 | |
| FreeBSD FreeBSD | =13.3-p2 | |
| FreeBSD FreeBSD | =13.3-p3 | |
| FreeBSD FreeBSD | =14.0 | |
| FreeBSD FreeBSD | =14.0-beta5 | |
| FreeBSD FreeBSD | =14.0-p1 | |
| FreeBSD FreeBSD | =14.0-p2 | |
| FreeBSD FreeBSD | =14.0-p3 | |
| FreeBSD FreeBSD | =14.0-p4 | |
| FreeBSD FreeBSD | =14.0-p5 | |
| FreeBSD FreeBSD | =14.0-p6 | |
| FreeBSD FreeBSD | =14.0-p7 | |
| FreeBSD FreeBSD | =14.0-rc3 | |
| FreeBSD FreeBSD | =14.0-rc4-p1 | |
| FreeBSD FreeBSD | =14.1 | |
| FreeBSD FreeBSD | =14.1-p1 | |
| NetBSD NetBSD | <=10.0.0 | |
| Microsoft Azure Arc Resource Bridge | ||
| redhat/openssh 8.7p1 | <38 | 38 |
| Fortinet FortiADC | >=7.4.0<=7.4.4 | |
| Fortinet FortiADC | >=7.2.0<=7.2.6 | |
| Fortinet FortiAIOps | >=2.0.0<=2.0.1 | |
| Fortinet FortiAnalyzer | >=7.4.0<=7.4.3 | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.5 | |
| Fortinet FortiAnalyzer | >=7.0.0<=7.0.12 | |
| Fortinet FortiAnalyzer | >=6.4.0<=6.4.14 | |
| Fortinet FortiAnalyzer-BigData | =. | |
| Fortinet FortiAuthenticator | >=6.6.0<=6.6.1 | |
| Fortinet FortiDDoS | >=5.7.0<=5.7.3 | |
| Fortinet FortiDDoS-F | >=7.0.0<=7.0.1 | |
| Fortinet FortiExtender | >=7.4.0<=7.4.5 | |
| Fortinet FortiExtender | >=7.2.0<=7.2.5 | |
| Fortinet FortiExtender | >=7.0.0<=7.0.5 | |
| Fortinet FortiMail | >=7.4.0<=7.4.2 | |
| Fortinet FortiMail | >=7.2.0<=7.2.6 | |
| Fortinet FortiMail | >=7.0.0<=7.0.7 | |
| Fortinet FortiMail | >=6.4.0<=6.4.8 | |
| Fortinet FortiManager | >=7.4.0<=7.4.3 | |
| Fortinet FortiManager | >=7.2.0<=7.2.5 | |
| Fortinet FortiManager | >=7.0.0<=7.0.12 | |
| Fortinet FortiManager | >=6.4.0<=6.4.14 | |
| Fortinet FortiManager Cloud | >=7.2.3<=7.2.4 | |
| Fortinet FortiManager Cloud | =. | |
| Fortinet FortiManager Cloud | =. | |
| Fortinet FortiManager Cloud | >=7.0.6<=7.0.7 | |
| Fortinet FortiNAC-F | =. | |
| Fortinet FortiNAC-F | >=7.2.0<=7.2.6 | |
| Fortinet FortiNDR | >=7.4.3<=7.4.5 | |
| Fortinet FortiNDR | >=7.2.2<=7.2.3 | |
| Fortinet FortiNDR | =. | |
| Fortinet FortiRecorder | >=7.2.0<=7.2.1 | |
| Fortinet FortiRecorder | >=7.0.0<=7.0.4 | |
| Fortinet FortiRecorder | >=6.4.0<=6.4.5 | |
| Fortinet FortiRecorder | >=6.0.0<=6.0.12 | |
| Fortinet FortiSandbox | >=4.4.0<=4.4.6 | |
| Fortinet FortiSandbox | >=4.2.0<=4.2.7 | |
| Fortinet FortiSandbox | >=4.0.0<=4.0.5 | |
| Fortinet FortiSandbox | >=3.2.0<=3.2.4 | |
| Fortinet FortiSwitch | >=7.4.0<=7.4.3 | |
| Fortinet FortiSwitch | >=7.2.0<=7.2.8 | |
| Fortinet FortiVoice | >=7.0.0<=7.0.2 | |
| Fortinet FortiVoice | >=6.4.0<=6.4.9 | |
| Fortinet FortiWeb | =. | |
| Fortinet FortiWeb | >=7.4.0<=7.4.4 | |
| Fortinet FortiWeb | >=7.2.0<=7.2.9 |
Remedy
Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections), but it makes it safe from this vulnerability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/cve/CVE-2024-6387
- https://www.bleepingcomputer.com/news/security/new-regresshion-openssh-rce-bug-gives-root-on-linux-servers/
- https://www.theregister.com/2024/07/01/regresshion_openssh/
- https://www.zdnet.com/article/over-14m-servers-may-be-vulnerable-to-opensshs-regresshion-rce-flaw-heres-what-you-need-to-do/
- https://www.theregister.com/2024/07/11/openssh_bug_in_rhel_9/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6387 (Advisory)
- https://my.f5.com/manage/s/article/K000140222
- https://support.apple.com/en-us/HT214120 (Advisory)
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://support.apple.com/en-us/HT214119 (Advisory)
- https://github.com/openssh/openssh-portable/commit/752250caabda3dd24635503c4cd689b32a650794
- https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
- https://www.openwall.com/lists/oss-security/2024/07/01/1
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
- https://security-tracker.debian.org/tracker/CVE-2024-6387
- https://access.redhat.com/errata/RHSA-2024:4312
- https://access.redhat.com/errata/RHSA-2024:4340
- https://access.redhat.com/errata/RHSA-2024:4389
- https://access.redhat.com/errata/RHSA-2024:4469
- https://access.redhat.com/errata/RHSA-2024:4474
- https://access.redhat.com/errata/RHSA-2024:4479
- https://access.redhat.com/errata/RHSA-2024:4484
- https://access.redhat.com/security/cve/CVE-2024-6387
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
- https://www.openssh.com/txt/release-9.8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387
- https://ubuntu.com/security/CVE-2024-6387
- https://www.fortiguard.com/psirt/cvrf/FG-IR-24-258
- https://www.fortiguard.com/psirt/FG-IR-24-258
- https://access.redhat.com/security/cve/CVE-2006-5051
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2294604#c19
- https://retrobowl25.com
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40783
- CVE-2024-27826
- CVE-2024-40774
- CVE-2024-40775
- CVE-2024-27877
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40815
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40784
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40807
- CVE-2024-40835
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-40818
- CVE-2024-40786
- CVE-2024-40828
- CVE-2024-23261
- CVE-2024-40829
- CVE-2024-23296
- CVE-2024-40804
- CVE-2023-38709
- CVE-2024-24795
- CVE-2024-27316
- CVE-2024-40814
- CVE-2024-27878
- CVE-2024-40795
- CVE-2024-40777
- CVE-2024-27863
- CVE-2024-40805
- CVE-2024-40832
- CVE-2024-40778
- CVE-2023-27952
- CVE-2024-40824
- CVE-2024-27871
- CVE-2024-27872
- CVE-2024-27862
- CVE-2024-40836
- CVE-2024-40822
- CVE-2024-40811
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-4558
- CVE-2024-40794
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-6387
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2006-5051
- alias/CVE-2008-4109
- collector/the-register
- source/The Register
- agent/remedy
- collector/zdnet-article
- source/ZDNet
- alias/CVE-2024-6409
- collector/msrc
- source/Microsoft
- agent/software-canonical-lookup
- collector/msrc-cve
- collector/f5-advisory
- source/F5
- agent/author
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- agent/description
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- agent/last-modified-date
- agent/tags
- collector/fortiguard-psirt-latest
- source/FortiGuard
- agent/event
- collector/fortiguard-psirt
- vendor/microsoft
- canonical/microsoft cbl mariner 2.0 x64
- canonical/microsoft cbl mariner 2.0 arm
- vendor/f5
- canonical/f5 big-ip next
- version/f5 big-ip next/20.1.0
- version/f5 big-ip next/20.2.1
- canonical/f5 big-ip next central manager
- version/f5 big-ip next central manager/20.1.0
- version/f5 big-ip next central manager/20.2.1
- canonical/f5 big-ip next spk
- version/f5 big-ip next spk/1.7.0
- version/f5 big-ip next spk/1.9.2
- canonical/f5 big-ip next cnf
- version/f5 big-ip next cnf/1.1.0
- version/f5 big-ip next cnf/1.3.1
- vendor/apple
- canonical/apple macos ventura
- canonical/apple macos monterey
- canonical/apple macos sonoma
- canonical/microsoft azure kubernetes service node on azure linux
- canonical/microsoft azure arc resource bridge
- canonical/microsoft azure kubernetes service node on ubuntu linux
- package-manager/debian
- vendor/openbsd
- canonical/openbsd openssh
- version/openbsd openssh/8.6
- version/openbsd openssh/4.4
- version/openbsd openssh/8.5-p1
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/9.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/9.4
- canonical/redhat enterprise linux for arm 64
- version/redhat enterprise linux for arm 64/9.0_aarch64
- canonical/redhat enterprise linux for arm 64 eus
- version/redhat enterprise linux for arm 64 eus/9.4_aarch64
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/9.0_s390x
- canonical/redhat enterprise linux for ibm z systems eus
- version/redhat enterprise linux for ibm z systems eus/9.4_s390x
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/9.0_ppc64le
- canonical/redhat enterprise linux for power little endian eus
- version/redhat enterprise linux for power little endian eus/9.4_ppc64le
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/9.4
- vendor/suse
- canonical/suse linux enterprise micro
- version/suse linux enterprise micro/6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/12.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/22.04
- version/canonical ubuntu linux/22.10
- version/canonical ubuntu linux/23.04
- vendor/amazon
- canonical/amazon linux 2023
- vendor/netapp
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.70.2
- canonical/netapp ontap select deploy administration utility
- canonical/netapp ontap tools vmware vsphere
- version/netapp ontap tools vmware vsphere/9
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/13.2
- version/freebsd freebsd/13.2-p1
- version/freebsd freebsd/13.2-p10
- version/freebsd freebsd/13.2-p11
- version/freebsd freebsd/13.2-p2
- version/freebsd freebsd/13.2-p3
- version/freebsd freebsd/13.2-p4
- version/freebsd freebsd/13.2-p5
- version/freebsd freebsd/13.2-p6
- version/freebsd freebsd/13.2-p7
- version/freebsd freebsd/13.2-p8
- version/freebsd freebsd/13.2-p9
- version/freebsd freebsd/13.3
- version/freebsd freebsd/13.3-p1
- version/freebsd freebsd/13.3-p2
- version/freebsd freebsd/13.3-p3
- version/freebsd freebsd/14.0
- version/freebsd freebsd/14.0-beta5
- version/freebsd freebsd/14.0-p1
- version/freebsd freebsd/14.0-p2
- version/freebsd freebsd/14.0-p3
- version/freebsd freebsd/14.0-p4
- version/freebsd freebsd/14.0-p5
- version/freebsd freebsd/14.0-p6
- version/freebsd freebsd/14.0-p7
- version/freebsd freebsd/14.0-rc3
- version/freebsd freebsd/14.0-rc4-p1
- version/freebsd freebsd/14.1
- version/freebsd freebsd/14.1-p1
- vendor/netbsd
- canonical/netbsd netbsd
- version/netbsd netbsd/10.0.0
- package-manager/redhat
- vendor/fortinet
- canonical/fortinet fortiadc
- version/fortinet fortiadc/7.4.0
- version/fortinet fortiadc/7.4.4
- version/fortinet fortiadc/7.2.0
- version/fortinet fortiadc/7.2.6
- canonical/fortinet fortiaiops
- version/fortinet fortiaiops/2.0.0
- version/fortinet fortiaiops/2.0.1
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/7.4.0
- version/fortinet fortianalyzer/7.4.3
- version/fortinet fortianalyzer/7.2.0
- version/fortinet fortianalyzer/7.2.5
- version/fortinet fortianalyzer/7.0.0
- version/fortinet fortianalyzer/7.0.12
- version/fortinet fortianalyzer/6.4.0
- version/fortinet fortianalyzer/6.4.14
- canonical/fortinet fortianalyzer-bigdata
- version/fortinet fortianalyzer-bigdata/.
- canonical/fortinet fortiauthenticator
- version/fortinet fortiauthenticator/6.6.0
- version/fortinet fortiauthenticator/6.6.1
- canonical/fortinet fortiddos
- version/fortinet fortiddos/5.7.0
- version/fortinet fortiddos/5.7.3
- canonical/fortinet fortiddos-f
- version/fortinet fortiddos-f/7.0.0
- version/fortinet fortiddos-f/7.0.1
- canonical/fortinet fortiextender
- version/fortinet fortiextender/7.4.0
- version/fortinet fortiextender/7.4.5
- version/fortinet fortiextender/7.2.0
- version/fortinet fortiextender/7.2.5
- version/fortinet fortiextender/7.0.0
- version/fortinet fortiextender/7.0.5
- canonical/fortinet fortimail
- version/fortinet fortimail/7.4.0
- version/fortinet fortimail/7.4.2
- version/fortinet fortimail/7.2.0
- version/fortinet fortimail/7.2.6
- version/fortinet fortimail/7.0.0
- version/fortinet fortimail/7.0.7
- version/fortinet fortimail/6.4.0
- version/fortinet fortimail/6.4.8
- canonical/fortinet fortimanager
- version/fortinet fortimanager/7.4.0
- version/fortinet fortimanager/7.4.3
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.5
- version/fortinet fortimanager/7.0.0
- version/fortinet fortimanager/7.0.12
- version/fortinet fortimanager/6.4.0
- version/fortinet fortimanager/6.4.14
- canonical/fortinet fortimanager cloud
- version/fortinet fortimanager cloud/7.2.3
- version/fortinet fortimanager cloud/7.2.4
- version/fortinet fortimanager cloud/.
- version/fortinet fortimanager cloud/7.0.6
- version/fortinet fortimanager cloud/7.0.7
- canonical/fortinet fortinac-f
- version/fortinet fortinac-f/.
- version/fortinet fortinac-f/7.2.0
- version/fortinet fortinac-f/7.2.6
- canonical/fortinet fortindr
- version/fortinet fortindr/7.4.3
- version/fortinet fortindr/7.4.5
- version/fortinet fortindr/7.2.2
- version/fortinet fortindr/7.2.3
- version/fortinet fortindr/.
- canonical/fortinet fortirecorder
- version/fortinet fortirecorder/7.2.0
- version/fortinet fortirecorder/7.2.1
- version/fortinet fortirecorder/7.0.0
- version/fortinet fortirecorder/7.0.4
- version/fortinet fortirecorder/6.4.0
- version/fortinet fortirecorder/6.4.5
- version/fortinet fortirecorder/6.0.0
- version/fortinet fortirecorder/6.0.12
- canonical/fortinet fortisandbox
- version/fortinet fortisandbox/4.4.0
- version/fortinet fortisandbox/4.4.6
- version/fortinet fortisandbox/4.2.0
- version/fortinet fortisandbox/4.2.7
- version/fortinet fortisandbox/4.0.0
- version/fortinet fortisandbox/4.0.5
- version/fortinet fortisandbox/3.2.0
- version/fortinet fortisandbox/3.2.4
- canonical/fortinet fortiswitch
- version/fortinet fortiswitch/7.4.0
- version/fortinet fortiswitch/7.4.3
- version/fortinet fortiswitch/7.2.0
- version/fortinet fortiswitch/7.2.8
- canonical/fortinet fortivoice
- version/fortinet fortivoice/7.0.0
- version/fortinet fortivoice/7.0.2
- version/fortinet fortivoice/6.4.0
- version/fortinet fortivoice/6.4.9
- canonical/fortinet fortiweb
- version/fortinet fortiweb/.
- version/fortinet fortiweb/7.4.0
- version/fortinet fortiweb/7.4.4
- version/fortinet fortiweb/7.2.0
- version/fortinet fortiweb/7.2.9