CVE-2024-6387

Openssh: regresshion - race condition in ssh allows rce/dos

CVSS 8.1 HIGHEPSS 99.5%CWE-364

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

OpenSSHRed Hat · Red Hat Ceph Storage 5 Red Hat · Red Hat Ceph Storage 6 Red Hat · Red Hat Ceph Storage 7 Red Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat · Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat · Red Hat OpenShift Container Platform 4.13 Red Hat · Red Hat OpenShift Container Platform 4.14 Red Hat · Red Hat OpenShift Container Platform 4.15 Red Hat · Red Hat OpenShift Container Platform 4.16

public PoCs found — 97

githubgithub.com/xaitax/CVE-2024-6387_Check★ 523 githubgithub.com/zgzhang/cve-2024-6387-poc★ 493 githubgithub.com/acrono/cve-2024-6387-poc★ 381 githubgithub.com/Karmakstylez/CVE-2024-6387★ 181 githubgithub.com/lflare/cve-2024-6387-poc★ 128 githubgithub.com/l0n3m4n/CVE-2024-6387★ 109 githubgithub.com/filipi86/CVE-2024-6387-Vulnerability-Checker★ 100 githubgithub.com/xonoxitron/regreSSHion★ 66 githubgithub.com/d0rb/CVE-2024-6387★ 50 githubgithub.com/bigb0x/CVE-2024-6387★ 35 githubgithub.com/getdrive/CVE-2024-6387-PoC★ 24 githubgithub.com/sxlmnwb/CVE-2024-6387★ 21 githubgithub.com/TAM-K592/CVE-2024-6387★ 14 githubgithub.com/thegenetic/CVE-2024-6387-exploit★ 14 githubgithub.com/devarshishimpi/CVE-2024-6387-Check★ 14 githubgithub.com/l-urk/CVE-2024-6387★ 12 githubgithub.com/AiGptCode/ssh_exploiter_CVE-2024-6387★ 11 githubgithub.com/0x4D31/cve-2024-6387_hassh★ 10 githubgithub.com/xonoxitron/regreSSHion-checker★ 10 githubgithub.com/P4x1s/CVE-2024-6387★ 8 githubgithub.com/wiggels/regresshion-check★ 6 githubgithub.com/azurejoga/CVE-2024-6387-how-to-fix★ 5 githubgithub.com/MrR0b0t19/CVE-2024-6387-Exploit-POC★ 4 githubgithub.com/kinu404/CVE-2024-6387★ 4 githubgithub.com/paradessia/CVE-2024-6387-nmap★ 4 githubgithub.com/harshinsecurity/sentinelssh★ 4 githubgithub.com/th3gokul/CVE-2024-6387★ 4 githubgithub.com/lala-amber/CVE-2024-6387★ 4 githubgithub.com/BrandonLynch2402/cve-2024-6387-nuclei-template★ 3 githubgithub.com/awusan125/test_for6387★ 3 githubgithub.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit★ 3 githubgithub.com/betancour/OpenSSH-Vulnerability-test★ 2 githubgithub.com/ahlfors/CVE-2024-6387★ 2 githubgithub.com/anhvutuan/CVE-2024-6387-poc-1★ 2 githubgithub.com/OHHDamnBRO/Noregressh★ 2 githubgithub.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker★ 2 githubgithub.com/Symbolexe/CVE-2024-6387★ 2 githubgithub.com/prelearn-code/CVE-2024-6387★ 2 githubgithub.com/Ap0dexMe0/CVE-2024-6387★ 2 githubgithub.com/ACHUX21/checker-CVE-2024-6387★ 2 githubgithub.com/grupooruss/CVE-2024-6387★ 2 githubgithub.com/sardine-web/CVE-2024-6387-template★ 2 githubgithub.com/muyuanlove/CVE-2024-6387fixshell★ 2 githubgithub.com/redux-sibi-jose/mitigate_ssh★ 1 githubgithub.com/7etsuo/cve-2024-6387-poc★ 1 githubgithub.com/passwa11/cve-2024-6387-poc★ 1 githubgithub.com/teamos-hub/regreSSHion★ 1 githubgithub.com/R4Tw1z/CVE-2024-6387★ 1 githubgithub.com/shamo0/CVE-2024-6387_PoC★ 1 githubgithub.com/rumochnaya/openssh-cve-2024-6387.sh★ 1 githubgithub.com/xristos8574/regreSSHion-nmap-scanner★ 1 githubgithub.com/n1cks0n/Test_CVE-2024-6387★ 1 githubgithub.com/RickGeex/CVE-2024-6387-Checker★ 1 githubgithub.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker★ 1 githubgithub.com/sardine-web/CVE-2024-6387_Check★ 1 githubgithub.com/alex14324/ssh_poc2024★ 1 githubgithub.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker★ 1 githubgithub.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387★ 1 githubgithub.com/xiw1ll/CVE-2024-6387_Checker★ 1 githubgithub.com/t3rry327/cve-2024-6387-poc★ 0 githubgithub.com/Remnant-DB/CVE-2024-6387★ 0 githubgithub.com/CognisysGroup/CVE-2024-6387-Checker★ 0 githubgithub.com/edsonjt81/CVE-2024-6387_Check★ 0 githubgithub.com/imv7/CVE-2024-6387★ 0 githubgithub.com/dawnl3ss/CVE-2024-6387★ 0 githubgithub.com/no-one-sec/CVE-2024-6387★ 0 githubgithub.com/vkaushik-chef/regreSSHion★ 0 githubgithub.com/dgourillon/mitigate-CVE-2024-6387★ 0 githubgithub.com/mrmtwoj/CVE-2024-6387★ 0 githubgithub.com/particle99/CVE-2024-6387-POC★ 0 githubgithub.com/kubota/CVE-2024-6387-Vulnerability-Checker★ 0 githubgithub.com/DimaMend/cve-2024-6387-poc★ 0 githubgithub.com/invaderslabs/regreSSHion-CVE-2024-6387-★ 0 githubgithub.com/4lxprime/regreSSHive★ 0 githubgithub.com/dream434/CVE-2024-6387★ 0 githubgithub.com/hssmo/cve-2024-6387_AImade★ 0 githubgithub.com/zenzue/CVE-2024-6387-Mitigation★ 0 githubgithub.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-Playbook★ 0 githubgithub.com/Doux-x/CVE-2024-6387-analysis★ 0 githubgithub.com/kaleth4/CVE-2024-6387★ 0 githubgithub.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH★ 0 githubgithub.com/almogopp/OpenSSH-CVE-2024-6387-Fix★ 0 githubgithub.com/HadesNull123/CVE-2024-6387_Check★ 0 githubgithub.com/CiderAndWhisky/regression-scanner★ 0 githubgithub.com/oseasfr/Scanner_CVE_OpenSSH★ 0 githubgithub.com/Mufti22/CVE-2024-6387-checkher★ 0 githubgithub.com/YassDEV221608/CVE-2024-6387★ 0 githubgithub.com/jack0we/CVE-2024-6387★ 0 githubgithub.com/FerasAlrimali/CVE-2024-6387-POC★ 0 githubgithub.com/vuducmanhno100-cloud/CVE-2024-6387★ 0 githubgithub.com/moften/regreSSHion-CVE-2024-6387★ 0 githubgithub.com/jocker2410/CVE-2024-6387_poc★ 0 githubgithub.com/JackSparrowhk/ssh-CVE-2024-6387-poc★ 0 githubgithub.com/Ngagne-Demba-Dia/CVE-2024-6387-corrigee★ 0 githubgithub.com/sms2056/CVE-2024-6387★ 0 cve_referencewww.exploit-db.com/exploits/52269unverified cve_referencepacketstorm.news/files/id/190587/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2024:4312 https://access.redhat.com/errata/RHSA-2024:4340 https://access.redhat.com/errata/RHSA-2024:4389 https://access.redhat.com/errata/RHSA-2024:4469 https://access.redhat.com/errata/RHSA-2024:4474 https://access.redhat.com/errata/RHSA-2024:4479 https://access.redhat.com/errata/RHSA-2024:4484 https://access.redhat.com/security/cve/CVE-2024-6387 https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server https://bugzilla.redhat.com/show_bug.cgi?id=2294604