CVE-2024-6387

Public Exploit
Openssh: regresshion - race condition in ssh allows rce/dos

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Remediation

Workaround:

  • The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections. 1) As root user, open the /etc/ssh/sshd_config 2) Add or edit the parameter configuration: ~~~ LoginGraceTime 0 ~~~ 3) Save and close the file 4) Restart the sshd daemon: ~~~ systemctl restart sshd.service ~~~ Setting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately. If any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed.

Categories

8.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 54.04% Top 5%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support
Affected: Red Hat Red Hat OpenShift Container Platform 4.13
Affected: Red Hat Red Hat OpenShift Container Platform 4.14
Affected: Red Hat Red Hat OpenShift Container Platform 4.15
Affected: Red Hat Red Hat OpenShift Container Platform 4.16
Affected: Red Hat Red Hat Ceph Storage 5
Affected: Red Hat Red Hat Ceph Storage 6
Affected: Red Hat Red Hat Ceph Storage 7
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 6
Affected: Red Hat Red Hat Enterprise Linux 7
Affected: Red Hat Red Hat Enterprise Linux 8
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2024:4312 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:4340 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:4389 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:4469 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:4474 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:4479 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:4484 third party advisory vendor advisory
https://access.redhat.com/security/cve/CVE-2024-6387 vdb entry third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2294604 issue tracking third party advisory
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
https://www.openssh.com/txt/release-9.8 third party advisory release notes
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt third party advisory exploit
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://www.openwall.com/lists/oss-security/2024/07/01/12
http://www.openwall.com/lists/oss-security/2024/07/01/13
http://www.openwall.com/lists/oss-security/2024/07/02/1
http://www.openwall.com/lists/oss-security/2024/07/03/1
http://www.openwall.com/lists/oss-security/2024/07/03/11
http://www.openwall.com/lists/oss-security/2024/07/03/2
http://www.openwall.com/lists/oss-security/2024/07/03/3
http://www.openwall.com/lists/oss-security/2024/07/03/4
http://www.openwall.com/lists/oss-security/2024/07/03/5
http://www.openwall.com/lists/oss-security/2024/07/04/1
http://www.openwall.com/lists/oss-security/2024/07/04/2
http://www.openwall.com/lists/oss-security/2024/07/08/2
http://www.openwall.com/lists/oss-security/2024/07/08/3
http://www.openwall.com/lists/oss-security/2024/07/09/2
http://www.openwall.com/lists/oss-security/2024/07/09/5
http://www.openwall.com/lists/oss-security/2024/07/10/1
http://www.openwall.com/lists/oss-security/2024/07/10/2
http://www.openwall.com/lists/oss-security/2024/07/10/3
http://www.openwall.com/lists/oss-security/2024/07/10/4
http://www.openwall.com/lists/oss-security/2024/07/10/6
http://www.openwall.com/lists/oss-security/2024/07/11/1
http://www.openwall.com/lists/oss-security/2024/07/11/3
http://www.openwall.com/lists/oss-security/2024/07/23/4
http://www.openwall.com/lists/oss-security/2024/07/23/6
http://www.openwall.com/lists/oss-security/2024/07/28/2
http://www.openwall.com/lists/oss-security/2024/07/28/3
https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://explore.alas.aws.amazon.com/CVE-2024-6387.html
https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
https://github.com/AlmaLinux/updates/issues/629
https://github.com/Azure/AKS/issues/4379
https://github.com/PowerShell/Win32-OpenSSH/discussions/2248
https://github.com/PowerShell/Win32-OpenSSH/issues/2249
https://github.com/microsoft/azurelinux/issues/9555
https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09
https://github.com/oracle/oracle-linux/issues/149
https://github.com/rapier1/hpn-ssh/issues/87
https://github.com/zgzhang/cve-2024-6387-poc
https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
https://news.ycombinator.com/item?id=40843778
https://packetstorm.news/files/id/190587/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
https://security-tracker.debian.org/tracker/CVE-2024-6387
https://security.netapp.com/advisory/ntap-20240701-0001/
https://sig-security.rocky.page/issues/CVE-2024-6387/
https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://ubuntu.com/security/CVE-2024-6387
https://ubuntu.com/security/notices/USN-6859-1
https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100
https://www.exploit-db.com/exploits/52269
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html
https://www.suse.com/security/cve/CVE-2024-6387.html
https://www.theregister.com/2024/07/01/regresshion_openssh/
https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387

Frequently Asked Questions

What is the severity of CVE-2024-6387?
CVE-2024-6387 has been scored as a high severity vulnerability.
How to fix CVE-2024-6387?
As a workaround for remediating CVE-2024-6387: The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections. 1) As root user, open the /etc/ssh/sshd_config 2) Add or edit the parameter configuration: ~~~ LoginGraceTime 0 ~~~ 3) Save and close the file 4) Restart the sshd daemon: ~~~ systemctl restart sshd.service ~~~ Setting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately. If any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed.
Is CVE-2024-6387 being actively exploited in the wild?
It is possible that CVE-2024-6387 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~54% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-6387?
CVE-2024-6387 affects Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat OpenShift Container Platform 4.13, Red Hat Red Hat OpenShift Container Platform 4.14, Red Hat Red Hat OpenShift Container Platform 4.15, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat Ceph Storage 5, Red Hat Red Hat Ceph Storage 6, Red Hat Red Hat Ceph Storage 7, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.