CVE-2024-6387
OpenSSH: regreSSHion - race condition in SSH allows RCE/DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
OpenSSH
Red Hat · Red Hat Ceph Storage 5
Red Hat · Red Hat Ceph Storage 6
Red Hat · Red Hat Ceph Storage 7
Red Hat · Red Hat Enterprise Linux 10
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 9.2 Extended Update Support
Red Hat · Red Hat OpenShift Container Platform 4.13
Red Hat · Red Hat OpenShift Container Platform 4.14
Red Hat · Red Hat OpenShift Container Platform 4.15
Red Hat · Red Hat OpenShift Container Platform 4.16
Public PoCs found: 97
github · github.com/xaitax/CVE-2024-6387_Check · ★ 523
github · github.com/zgzhang/cve-2024-6387-poc · ★ 493
github · github.com/acrono/cve-2024-6387-poc · ★ 381
github · github.com/Karmakstylez/CVE-2024-6387 · ★ 181
github · github.com/lflare/cve-2024-6387-poc · ★ 128
github · github.com/l0n3m4n/CVE-2024-6387 · ★ 109
github · github.com/filipi86/CVE-2024-6387-Vulnerability-Checker · ★ 100
github · github.com/xonoxitron/regreSSHion · ★ 66
github · github.com/d0rb/CVE-2024-6387 · ★ 50
github · github.com/bigb0x/CVE-2024-6387 · ★ 35
github · github.com/getdrive/CVE-2024-6387-PoC · ★ 24
github · github.com/sxlmnwb/CVE-2024-6387 · ★ 21
github · github.com/TAM-K592/CVE-2024-6387 · ★ 14
github · github.com/thegenetic/CVE-2024-6387-exploit · ★ 14
github · github.com/devarshishimpi/CVE-2024-6387-Check · ★ 14
github · github.com/l-urk/CVE-2024-6387 · ★ 12
github · github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 · ★ 11
github · github.com/0x4D31/cve-2024-6387_hassh · ★ 10
github · github.com/xonoxitron/regreSSHion-checker · ★ 10
github · github.com/P4x1s/CVE-2024-6387 · ★ 8
github · github.com/wiggels/regresshion-check · ★ 6
github · github.com/azurejoga/CVE-2024-6387-how-to-fix · ★ 5
github · github.com/MrR0b0t19/CVE-2024-6387-Exploit-POC · ★ 4
github · github.com/kinu404/CVE-2024-6387 · ★ 4
github · github.com/paradessia/CVE-2024-6387-nmap · ★ 4
github · github.com/harshinsecurity/sentinelssh · ★ 4
github · github.com/th3gokul/CVE-2024-6387 · ★ 4
github · github.com/lala-amber/CVE-2024-6387 · ★ 4
github · github.com/BrandonLynch2402/cve-2024-6387-nuclei-template · ★ 3
github · github.com/awusan125/test_for6387 · ★ 3
github · github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit · ★ 3
github · github.com/betancour/OpenSSH-Vulnerability-test · ★ 2
github · github.com/ahlfors/CVE-2024-6387 · ★ 2
github · github.com/anhvutuan/CVE-2024-6387-poc-1 · ★ 2
github · github.com/OHHDamnBRO/Noregressh · ★ 2
github · github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker · ★ 2
github · github.com/Symbolexe/CVE-2024-6387 · ★ 2
github · github.com/prelearn-code/CVE-2024-6387 · ★ 2
github · github.com/Ap0dexMe0/CVE-2024-6387 · ★ 2
github · github.com/ACHUX21/checker-CVE-2024-6387 · ★ 2
github · github.com/grupooruss/CVE-2024-6387 · ★ 2
github · github.com/sardine-web/CVE-2024-6387-template · ★ 2
github · github.com/muyuanlove/CVE-2024-6387fixshell · ★ 2
github · github.com/redux-sibi-jose/mitigate_ssh · ★ 1
github · github.com/7etsuo/cve-2024-6387-poc · ★ 1
github · github.com/passwa11/cve-2024-6387-poc · ★ 1
github · github.com/teamos-hub/regreSSHion · ★ 1
github · github.com/R4Tw1z/CVE-2024-6387 · ★ 1
github · github.com/shamo0/CVE-2024-6387_PoC · ★ 1
github · github.com/rumochnaya/openssh-cve-2024-6387.sh · ★ 1
github · github.com/xristos8574/regreSSHion-nmap-scanner · ★ 1
github · github.com/n1cks0n/Test_CVE-2024-6387 · ★ 1
github · github.com/RickGeex/CVE-2024-6387-Checker · ★ 1
github · github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker · ★ 1
github · github.com/sardine-web/CVE-2024-6387_Check · ★ 1
github · github.com/alex14324/ssh_poc2024 · ★ 1
github · github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker · ★ 1
github · github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387 · ★ 1
github · github.com/xiw1ll/CVE-2024-6387_Checker · ★ 1
github · github.com/t3rry327/cve-2024-6387-poc · ★ 0
github · github.com/Remnant-DB/CVE-2024-6387 · ★ 0
github · github.com/CognisysGroup/CVE-2024-6387-Checker · ★ 0
github · github.com/edsonjt81/CVE-2024-6387_Check · ★ 0
github · github.com/imv7/CVE-2024-6387 · ★ 0
github · github.com/dawnl3ss/CVE-2024-6387 · ★ 0
github · github.com/no-one-sec/CVE-2024-6387 · ★ 0
github · github.com/vkaushik-chef/regreSSHion · ★ 0
github · github.com/dgourillon/mitigate-CVE-2024-6387 · ★ 0
github · github.com/mrmtwoj/CVE-2024-6387 · ★ 0
github · github.com/particle99/CVE-2024-6387-POC · ★ 0
github · github.com/kubota/CVE-2024-6387-Vulnerability-Checker · ★ 0
github · github.com/DimaMend/cve-2024-6387-poc · ★ 0
github · github.com/invaderslabs/regreSSHion-CVE-2024-6387- · ★ 0
github · github.com/4lxprime/regreSSHive · ★ 0
github · github.com/dream434/CVE-2024-6387 · ★ 0
github · github.com/hssmo/cve-2024-6387_AImade · ★ 0
github · github.com/zenzue/CVE-2024-6387-Mitigation · ★ 0
github · github.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-Playbook · ★ 0
github · github.com/Doux-x/CVE-2024-6387-analysis · ★ 0
github · github.com/kaleth4/CVE-2024-6387 · ★ 0
github · github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH · ★ 0
github · github.com/almogopp/OpenSSH-CVE-2024-6387-Fix · ★ 0
github · github.com/HadesNull123/CVE-2024-6387_Check · ★ 0
github · github.com/CiderAndWhisky/regression-scanner · ★ 0
github · github.com/oseasfr/Scanner_CVE_OpenSSH · ★ 0
github · github.com/Mufti22/CVE-2024-6387-checkher · ★ 0
github · github.com/YassDEV221608/CVE-2024-6387 · ★ 0
github · github.com/jack0we/CVE-2024-6387 · ★ 0
github · github.com/FerasAlrimali/CVE-2024-6387-POC · ★ 0
github · github.com/vuducmanhno100-cloud/CVE-2024-6387 · ★ 0
github · github.com/moften/regreSSHion-CVE-2024-6387 · ★ 0
github · github.com/jocker2410/CVE-2024-6387_poc · ★ 0
github · github.com/JackSparrowhk/ssh-CVE-2024-6387-poc · ★ 0
github · github.com/Ngagne-Demba-Dia/CVE-2024-6387-corrigee · ★ 0
github · github.com/sms2056/CVE-2024-6387 · ★ 0
cve_reference · www.exploit-db.com/exploits/52269 · unverified
cve_reference · packetstorm.news/files/id/190587/ · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://access.redhat.com/errata/RHSA-2024:4312
https://access.redhat.com/errata/RHSA-2024:4340
https://access.redhat.com/errata/RHSA-2024:4389
https://access.redhat.com/errata/RHSA-2024:4469
https://access.redhat.com/errata/RHSA-2024:4474
https://access.redhat.com/errata/RHSA-2024:4479
https://access.redhat.com/errata/RHSA-2024:4484
https://access.redhat.com/security/cve/CVE-2024-6387
https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://bugzilla.redhat.com/show_bug.cgi?id=2294604