OpenSSH Security Advisory (CVE-2024-6387)

Overview

A race condition in the SIGALRM signal handler of sshd, the OpenSSH server, allows an unauthenticated remote attacker to trigger unsafe code paths (CVE-2024-6387, publicly known as "regreSSHion"). Users of affected products are advised to update to the latest version, or to apply the workaround below until they can.

 

Affected Products

CVE-2024-6387

  • OpenSSH 8.5p1 through 9.7p1 (inclusive). The bug is a regression of CVE-2006-5051 introduced in 8.5p1, so releases older than 4.4p1 that never received that fix are affected as well. Distributions frequently backport the fix without changing the version number, so a version string in this range is a reason to check the vendor advisory, not proof of exposure.

 

Resolved Vulnerabilities

sshd in OpenSSH contains a signal handler race condition: if a client does not authenticate within LoginGraceTime (120 seconds by default), sshd's SIGALRM handler runs asynchronously and calls functions that are not async-signal-safe, such as syslog(), which in turn call malloc() and free() (CVE-2024-6387).
On glibc-based Linux systems this can potentially be turned into unauthenticated remote code execution as root; the public demonstration targets 32-bit glibc systems.
Winning the race takes roughly 10,000 attempts on average. Because sshd accepts at most 100 connections (the default MaxStartups cap) per 120-second LoginGraceTime window, that works out to about 3 to 4 hours to win the race and about 6 to 8 hours to obtain a remote root shell, since the attacker must also guess glibc's address under ASLR.
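Every failed race attempt is a connection that sits idle until LoginGraceTime expires, so an attacker leaves thousands of grace-period timeouts from one source in the sshd log. As an added example (not part of this advisory or the OpenSSH project), the following shell script counts those timeouts per client IP. It assumes the stock sshd log message "Timeout before authentication for <ip> port <port>", which the alarm handler emits when LoginGraceTime runs out; the syslog prefix, the sample lines and the threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sources that repeatedly hit sshd's LoginGraceTime expiry.
# Assumption: sshd logs "Timeout before authentication for <ip> port <port>"
# behind the usual "<date> <host> sshd[<pid>]:" syslog prefix.

# Print "<count> <ip>" (highest first) for every client IP whose timeout count
# reaches the threshold given as $1 (default 50). Log lines come from stdin.
timeout_offenders() {
    threshold="${1:-50}"
    awk -v thr="$threshold" '
        /sshd\[[0-9]+\]: Timeout before authentication for / {
            # the field after "for" is the client address
            for (i = 1; i <= NF; i++)
                if ($i == "for") { n[$(i+1)]++; break }
        }
        END {
            for (ip in n)
                if (n[ip] >= thr) printf "%d %s\n", n[ip], ip
        }' | sort -rn
}

# Constructed sample log, not real traffic: 203.0.113.5 times out three times,
# 198.51.100.7 once, and one unrelated successful login is mixed in.
sample_log() {
    cat <<'EOF'
Jul  1 10:00:00 bastion sshd[4121]: Timeout before authentication for 203.0.113.5 port 51002
Jul  1 10:00:01 bastion sshd[4130]: Accepted publickey for ops from 192.0.2.10 port 40022 ssh2
Jul  1 10:02:00 bastion sshd[4155]: Timeout before authentication for 203.0.113.5 port 51010
Jul  1 10:02:01 bastion sshd[4156]: Timeout before authentication for 198.51.100.7 port 61000
Jul  1 10:04:00 bastion sshd[4199]: Timeout before authentication for 203.0.113.5 port 51044
EOF
}

# On a live host the input would be the journal or auth log, e.g.
#   journalctl -u ssh -u sshd --since -1h --no-pager | timeout_offenders 50
# Run with --demo to see the constructed sample scored with a threshold of 2.
case "${1:-}" in
    --demo) sample_log | timeout_offenders 2 ;;
esac
```

A threshold of 50 timeouts from one address inside an hour is far above what a stuck client produces and far below the ~10,000 attempts the race needs, so it gives early warning while the attack is still hours from completion; tune it to the number of legitimate idle connections your hosts see.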

 

Vulnerability Workaround

If sshd(8) cannot be updated, this signal handler race condition can be mitigated by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8), as the OpenSSH 9.8 release notes recommend [2]. A value of 0 disables the grace-period timer entirely, so the vulnerable signal handler never runs. This leaves sshd(8) open to denial of service (an attacker can hold unauthenticated connections open until all MaxStartups slots are exhausted), but safe from the remote code execution described in this advisory.
The steps to apply the workaround are:

1) Open /etc/ssh/sshd_config as the root user.

2) Add or edit the parameter. Because sshd uses the first value it reads for a keyword, place it above any Include directive and remove or comment out any other LoginGraceTime line.

  • LoginGraceTime 0

3) Save and close the file.

4) Check the configuration for syntax errors before restarting, so a typo does not lock you out.

  • sshd -t

5) Restart the sshd daemon (the unit is named ssh.service on Debian and Ubuntu).

  • systemctl restart sshd.service
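The procedure above, as an added example script that is not from the OpenSSH project: it checks whether a version string falls in the affected range, reports the effective LoginGraceTime of a config file (sshd uses the first value it reads for a keyword, per sshd_config(5)), and pins LoginGraceTime 0 ahead of any Include directive so it wins regardless of what drop-in files say. The function names are this example's own, the sample config is constructed, and Include directives are not followed.

```shell
#!/bin/sh
# Added example for the CVE-2024-6387 workaround; not OpenSSH project code.

# Return 0 when the upstream version in an "ssh -V" or banner string lies in
# the advisory's affected range 8.5p1 .. 9.7p1, 1 otherwise, 2 if unparsable.
# Distributions backport fixes without bumping the version, so treat a hit as
# "check the vendor advisory", not as proof of exposure.
openssh_version_affected() {
    ver="$(printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')"
    [ -n "$ver" ] || return 2
    set -- $ver
    major=$1; minor=$2
    if [ "$major" -eq 8 ] && [ "$minor" -ge 5 ]; then return 0; fi
    if [ "$major" -eq 9 ] && [ "$minor" -le 7 ]; then return 0; fi
    return 1
}

# Print the LoginGraceTime sshd would use from the given file: the first
# uncommented occurrence wins (sshd_config(5)); the built-in default is 120.
effective_login_grace_time() {
    v="$(awk 'tolower($1) == "logingracetime" { print $2; exit }' "$1")"
    echo "${v:-120}"
}

# Pin LoginGraceTime 0 at the top of the file, ahead of any Include or later
# setting, and drop other uncommented LoginGraceTime lines. Idempotent, and
# the file's owner and mode are preserved because we overwrite in place.
apply_login_grace_time_zero() {
    cfg="$1"
    tmp="$(mktemp)"
    {
        echo "# CVE-2024-6387 workaround: LoginGraceTime 0 disables the grace-period alarm"
        echo "LoginGraceTime 0"
        awk '!/^# CVE-2024-6387 workaround/ && tolower($1) != "logingracetime"' "$cfg"
    } > "$tmp"
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Demo against a constructed sshd_config (not taken from a real host), so it
# runs offline. On a live host you would instead run, as root:
#   apply_login_grace_time_zero /etc/ssh/sshd_config
#   sshd -t -f /etc/ssh/sshd_config && systemctl restart sshd.service
demo() {
    cfg="$(mktemp)"
    cat > "$cfg" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#LoginGraceTime 2m
PermitRootLogin no
MaxStartups 10:30:100
EOF
    echo "before: LoginGraceTime=$(effective_login_grace_time "$cfg")"
    apply_login_grace_time_zero "$cfg"
    echo "after:  LoginGraceTime=$(effective_login_grace_time "$cfg")"
    rm -f "$cfg"
}

case "${1:-}" in
    --demo) demo ;;
esac
```

The version check is deliberately a triage aid only: on a host whose `ssh -V` reports a vulnerable upstream number, confirm with the package changelog or vendor advisory before deciding whether the workaround is still needed, and always run `sshd -t` before restarting so a config error cannot lock you out of a remote machine.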

 

 

Vulnerability Patches

 

CVE-2024-6387

  • OpenSSH 9.8 / 9.8p1 (the fix also splits sshd into a listener and a per-connection sshd-session process). Vendor packages may carry the fix under an older version number; check the distribution's changelog or advisory rather than the version string alone.

 

 

References

[1] NVD, CVE-2024-6387 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-6387

[2] OpenSSH 9.8 release notes
https://www.openssh.com/txt/release-9.8

[3] OpenSSH release notes, 9.8p1
https://www.openssh.com/releasenotes.html#9.8p1