First published: Thu Jun 27 2024
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Credit: secalert@redhat.com CVE-2024-6387
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft CBL Mariner 2.0 x64 | | |
Microsoft CBL Mariner 2.0 ARM | | |
F5 BIG-IP Next | >=20.1.0<=20.2.1 | |
F5 BIG-IP Next Central Manager | >=20.1.0<=20.2.1 | |
F5 BIG-IP Next SPK | >=1.7.0<=1.9.2 | |
F5 BIG-IP Next CNF | >=1.1.0<=1.3.1 | |
Apple macOS Ventura | <13.6.8 | 13.6.8 |
Apple macOS Monterey | <12.7.6 | 12.7.6 |
Apple macOS Sonoma | <14.6 | 14.6 |
Microsoft Azure Arc Resource Bridge | | |
Microsoft Azure Kubernetes Service Node on Azure Linux | | |
Microsoft Azure Kubernetes Service Node on Ubuntu Linux | | |
debian/openssh | 1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u3 1:9.8p1-8 | |
Openbsd Openssh | <4.4 | |
Openbsd Openssh | >=8.6<9.8 | |
Openbsd Openssh | =4.4 | |
Openbsd Openssh | =8.5-p1 | |
Redhat Openshift Container Platform | =4.0 | |
Redhat Enterprise Linux | =9.0 | |
Redhat Enterprise Linux Eus | =9.4 | |
Redhat Enterprise Linux For Arm 64 | =9.0_aarch64 | |
Redhat Enterprise Linux For Arm 64 Eus | =9.4_aarch64 | |
Redhat Enterprise Linux For Ibm Z Systems | =9.0_s390x | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =9.4_s390x | |
Redhat Enterprise Linux For Power Little Endian | =9.0_ppc64le | |
Redhat Enterprise Linux For Power Little Endian Eus | =9.4_ppc64le | |
Redhat Enterprise Linux Server Aus | =9.4 | |
Suse Linux Enterprise Micro | =6.0 | |
Debian Debian Linux | =12.0 | |
Canonical Ubuntu Linux | =22.04 | |
Canonical Ubuntu Linux | =22.10 | |
Canonical Ubuntu Linux | =23.04 | |
Amazon Linux 2023 | | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
NetApp ONTAP Select Deploy administration utility | | |
Netapp Ontap Tools Vmware Vsphere | =9 | |
FreeBSD FreeBSD | =13.2 | |
FreeBSD FreeBSD | =13.2-p1 | |
FreeBSD FreeBSD | =13.2-p10 | |
FreeBSD FreeBSD | =13.2-p11 | |
FreeBSD FreeBSD | =13.2-p2 | |
FreeBSD FreeBSD | =13.2-p3 | |
FreeBSD FreeBSD | =13.2-p4 | |
FreeBSD FreeBSD | =13.2-p5 | |
FreeBSD FreeBSD | =13.2-p6 | |
FreeBSD FreeBSD | =13.2-p7 | |
FreeBSD FreeBSD | =13.2-p8 | |
FreeBSD FreeBSD | =13.2-p9 | |
FreeBSD FreeBSD | =13.3 | |
FreeBSD FreeBSD | =13.3-p1 | |
FreeBSD FreeBSD | =13.3-p2 | |
FreeBSD FreeBSD | =13.3-p3 | |
FreeBSD FreeBSD | =14.0 | |
FreeBSD FreeBSD | =14.0-beta5 | |
FreeBSD FreeBSD | =14.0-p1 | |
FreeBSD FreeBSD | =14.0-p2 | |
FreeBSD FreeBSD | =14.0-p3 | |
FreeBSD FreeBSD | =14.0-p4 | |
FreeBSD FreeBSD | =14.0-p5 | |
FreeBSD FreeBSD | =14.0-p6 | |
FreeBSD FreeBSD | =14.0-p7 | |
FreeBSD FreeBSD | =14.0-rc3 | |
FreeBSD FreeBSD | =14.0-rc4-p1 | |
FreeBSD FreeBSD | =14.1 | |
FreeBSD FreeBSD | =14.1-p1 | |
NetBSD NetBSD | <=10.0.0 | |
redhat/openssh 8.7p1 | <38 | 38 |
Fortinet FortiADC | >=7.4.0<=7.4.4 | |
Fortinet FortiADC | >=7.2.0<=7.2.6 | |
Fortinet FortiAIOps | >=2.0.0<=2.0.1 | |
Fortinet FortiAnalyzer | >=7.4.0<=7.4.3 | |
Fortinet FortiAnalyzer | >=7.2.0<=7.2.5 | |
Fortinet FortiAnalyzer | >=7.0.0<=7.0.12 | |
Fortinet FortiAnalyzer | >=6.4.0<=6.4.14 | |
Fortinet FortiAnalyzer-BigData | =. | |
Fortinet FortiAuthenticator | >=6.6.0<=6.6.1 | |
Fortinet FortiDDoS | >=5.7.0<=5.7.3 | |
Fortinet FortiDDoS-F | >=7.0.0<=7.0.1 | |
Fortinet FortiDeceptor | >=5.3.0<=5.3.1 | |
Fortinet FortiDeceptor | =. | |
Fortinet FortiExtender | >=7.4.0<=7.4.5 | |
Fortinet FortiExtender | >=7.2.0<=7.2.5 | |
Fortinet FortiExtender | >=7.0.0<=7.0.5 | |
Fortinet FortiLANCloud | >=23 | |
Fortinet FortiLANCloud | >=22 | |
Fortinet FortiMail | >=7.4.0<=7.4.2 | |
Fortinet FortiMail | >=7.2.0<=7.2.6 | |
Fortinet FortiMail | >=7.0.0<=7.0.7 | |
Fortinet FortiMail | >=6.4.0<=6.4.8 | |
Fortinet FortiManager | >=7.4.0<=7.4.3 | |
Fortinet FortiManager | >=7.2.0<=7.2.5 | |
Fortinet FortiManager | >=7.0.0<=7.0.12 | |
Fortinet FortiManager | >=6.4.0<=6.4.14 | |
Fortinet FortiManager Cloud | >=7.2.3<=7.2.4 | |
Fortinet FortiManager Cloud | =. | |
Fortinet FortiManager Cloud | =. | |
Fortinet FortiManager Cloud | >=7.0.6<=7.0.7 | |
Fortinet FortiNAC-F | =. | |
Fortinet FortiNAC-F | >=7.2.0<=7.2.6 | |
Fortinet FortiRecorder | >=7.2.0<=7.2.1 | |
Fortinet FortiRecorder | >=7.0.0<=7.0.4 | |
Fortinet FortiRecorder | >=6.4.0<=6.4.5 | |
Fortinet FortiRecorder | >=6.0.0<=6.0.12 | |
Fortinet FortiSwitch | >=7.4.0<=7.4.3 | |
Fortinet FortiSwitch | >=7.2.0<=7.2.8 | |
Fortinet FortiTester | >=7.4.0<=7.4.2 | |
Fortinet FortiTester | >=7.3.0<=7.3.2 | |
Fortinet FortiTester | >=7.2.0<=7.2.3 | |
Fortinet FortiVoice | >=7.0.0<=7.0.2 | |
Fortinet FortiVoice | >=6.4.0<=6.4.9 | |
Fortinet FortiWLC | >=8.6.0<=8.6.7 | |
Fortinet FortiWeb | =. | |
Fortinet FortiWeb | >=7.4.0<=7.4.4 | |
Fortinet FortiWeb | >=7.2.0<=7.2.9 | |
Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections), but it makes it safe from this vulnerability.
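
An added example (not from this advisory or from OpenSSH) of auditing for the mitigation above: the functions read an sshd_config on stdin, report the first global LoginGraceTime, and test an upstream version string against the OpenSSH rows of the table. Function names and sample configs are constructed for illustration; Include directives are not followed, so on a live host compare the result with the output of `sshd -T`.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names and samples are made up.

# Print the global LoginGraceTime from an sshd_config read on stdin.
# sshd keeps the first value it obtains for a keyword, keywords are
# case-insensitive, and 120 seconds is the documented default when unset.
# Limitation: Include directives are not followed.
login_grace_time() {
  awk '
    /^[[:space:]]*#/ { next }                 # comment line
    tolower($1) == "match" { exit }           # global section ends here
    tolower($1) == "logingracetime" { print $2; found = 1; exit }
    END { if (!found) print "120" }
  '
}

# Succeed if the config on stdin applies the mitigation (grace time of 0).
is_mitigated() {
  case "$(login_grace_time)" in
    0|0[smhdwSMHDW]) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed if an upstream version ("OpenSSH_9.6p1" or "9.6p1") matches the
# OpenSSH rows of the table: <4.4, =4.4, =8.5-p1, >=8.6 and <9.8.
# Distro packages backport fixes (see the redhat/openssh 8.7p1 row), so for
# those compare the package release instead. Returns 2 if unparsable.
in_affected_range() {
  v=${1#OpenSSH_}
  case "$v" in 4.4|8.5p1*) return 0 ;; esac
  major=${v%%.*}; rest=${v#*.}; minor=${rest%%[!0-9]*}
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  case "$minor" in '') return 2 ;; esac
  n=$(( major * 100 + minor ))
  [ "$n" -lt 404 ] || { [ "$n" -ge 806 ] && [ "$n" -lt 908 ]; }
}

# Constructed sample configs.
SAMPLE_DEFAULT='# LoginGraceTime 2m
PermitRootLogin no'
SAMPLE_MITIGATED='Port 22
logingracetime 0
LoginGraceTime 120'

printf '%s\n' "$SAMPLE_MITIGATED" | is_mitigated && echo "sample: mitigated"
in_affected_range "OpenSSH_9.6p1" && echo "9.6p1: in affected range"
```

A host reported as mitigated has accepted the MaxStartups exhaustion risk described above, so treat that state as temporary until the fixed package is installed.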