%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Affected Component
Analysis
openssh
Patched
Name
CVE-2024-6387
Description
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Published Date
Updated Date
Workaround
-
Advisories
https://access.redhat.com/errata/RHSA-2024:4312Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4340Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4389Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4469Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4474Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4479Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4484Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-6387Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2294604Third Party Advisory
https://www.openssh.com/txt/release-9.8Release Notes
http://seclists.org/fulldisclosure/2024/Jul/18Mailing List
http://seclists.org/fulldisclosure/2024/Jul/19Mailing List
http://seclists.org/fulldisclosure/2024/Jul/20Mailing List
https://access.redhat.com/errata/RHSA-2024:4312Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4340Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4389Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4469Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4474Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4479Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4484Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-6387Third Party Advisory
https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/Third Party Advisory
https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/Press/Media Coverage
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-serverPress/Media Coverage
https://bugzilla.redhat.com/show_bug.cgi?id=2294604Third Party Advisory
https://explore.alas.aws.amazon.com/CVE-2024-6387.htmlThird Party Advisory
https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132Issue Tracking
https://github.com/AlmaLinux/updates/issues/629Issue Tracking
https://github.com/Azure/AKS/issues/4379Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/issues/2249Issue Tracking
https://github.com/microsoft/azurelinux/issues/9555Issue Tracking
https://github.com/oracle/oracle-linux/issues/149Issue Tracking
https://github.com/rapier1/hpn-ssh/issues/87Issue Tracking
https://github.com/zgzhang/cve-2024-6387-pocThird Party Advisory
https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/Third Party Advisory
https://news.ycombinator.com/item?id=40843778Issue Tracking
https://packetstorm.news/files/id/190587/Broken Link
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2024-6387Third Party Advisory
https://security.netapp.com/advisory/ntap-20240701-0001/Third Party Advisory
https://sig-security.rocky.page/issues/CVE-2024-6387/Third Party Advisory
https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/Press/Media Coverage
https://support.apple.com/kb/HT214118Third Party Advisory
https://support.apple.com/kb/HT214119Third Party Advisory
https://support.apple.com/kb/HT214120Third Party Advisory
https://ubuntu.com/security/CVE-2024-6387Third Party Advisory
https://ubuntu.com/security/notices/USN-6859-1Third Party Advisory
https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-doThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.ascThird Party Advisory
https://www.openssh.com/txt/release-9.8Release Notes
https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.htmlThird Party Advisory
https://www.suse.com/security/cve/CVE-2024-6387.htmlThird Party Advisory
https://www.theregister.com/2024/07/01/regresshion_openssh/Press/Media Coverage
Analysis#
Vulnerability Ratings#
8.1
CVSSv31
8.1
CVSSv31
NaN
other
Others affected components#
Resolved with patches#
openssh (yocto:kirkstone)
#
Title
Author
Resolve
1
Patch #1
Jose Quaresma <jose.quaresma@foundries.io>
CVE-2024-6387
openssh (yocto:scarthgap)
#
Title
Author
Resolve
1
Patch #1
Jose Quaresma <jose.quaresma@foundries.io>
CVE-2024-6387