CVE-2024-6387
CVSS base score: 8.1
Tags: Media report, Exploit

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Data is provided by the National Vulnerability Database (NVD)

Affected configurations (vendor, product, version; "running on" platform where the NVD entry lists one):

Vendor      Product                                  Version                              Running on
Sonicwall   Sma 6200 Firmware                        any                                  Sonicwall Sma 6200 (any version)
Sonicwall   Sma 7200 Firmware                        any                                  Sonicwall Sma 7200 (any version)
Arista      Eos                                      >= 4.32.0 <= 4.32.1f                 -
Canonical   Ubuntu Linux                             23.10                                -
Canonical   Ubuntu Linux                             24.04 (LTS edition)                  -
Almalinux   Almalinux                                9.0                                  -
Sonicwall   Sma 6210 Firmware                        any                                  Sonicwall Sma 6210 (any version)
Sonicwall   Sma 7210 Firmware                        any                                  Sonicwall Sma 7210 (any version)
Sonicwall   Sma 8200v Firmware                       any                                  Sonicwall Sma 8200v (any version)
Sonicwall   Sra Ex 7000 Firmware                     any                                  Sonicwall Sra Ex 7000 (any version)
Netapp      A1k Firmware                             any                                  Netapp A1k (any version)
Netapp      A70 Firmware                             any                                  Netapp A70 (any version)
Netapp      A90 Firmware                             any                                  Netapp A90 (any version)
Netapp      A700s Firmware                           any                                  Netapp A700s (any version)
Netapp      8300 Firmware                            any                                  Netapp 8300 (any version)
Netapp      8700 Firmware                            any                                  Netapp 8700 (any version)
Netapp      A400 Firmware                            any                                  Netapp A400 (any version)
Netapp      C400 Firmware                            any                                  Netapp C400 (any version)
Netapp      A250 Firmware                            any                                  Netapp A250 (any version)
Netapp      500f Firmware                            any                                  Netapp 500f (any version)
Netapp      C250 Firmware                            any                                  Netapp C250 (any version)
Netapp      A800 Firmware                            any                                  Netapp A800 (any version)
Netapp      C800 Firmware                            any                                  Netapp C800 (any version)
Netapp      A900 Firmware                            any                                  Netapp A900 (any version)
Netapp      A9500 Firmware                           any                                  Netapp A9500 (any version)
Netapp      C190 Firmware                            any                                  Netapp C190 (any version)
Netapp      A150 Firmware                            any                                  Netapp A150 (any version)
Netapp      A220 Firmware                            any                                  Netapp A220 (any version)
Netapp      Fas2720 Firmware                         any                                  Netapp Fas2720 (any version)
Netapp      Fas2750 Firmware                         any                                  Netapp Fas2750 (any version)
Netapp      Fas2820 Firmware                         any                                  Netapp Fas2820 (any version)
Netapp      Bootstrap Os                             any                                  Netapp Hci Compute Node (any version)
Apple       macOS                                    >= 12.0 < 12.7.6                     -
Apple       macOS                                    >= 13.0 < 13.6.8                     -
Apple       macOS                                    >= 14.0 < 14.6                       -
Openbsd     Openssh                                  < 4.4                                -
Openbsd     Openssh                                  >= 8.6 <= 9.8                        -
Openbsd     Openssh                                  4.4                                  -
Openbsd     Openssh                                  8.5p1                                -
Openbsd     Openssh                                  8.6                                  -
Redhat      Enterprise Linux                         9.0                                  -
Redhat      Enterprise Linux Eus                     9.4                                  -
Redhat      Enterprise Linux For Arm 64              9.0_aarch64                          -
Redhat      Enterprise Linux For Arm 64 Eus          9.4_aarch64                          -
Suse        Linux Enterprise Micro                   6.0                                  -
Debian      Debian Linux                             12.0                                 -
Canonical   Ubuntu Linux                             22.04 (LTS edition)                  -
Canonical   Ubuntu Linux                             22.10                                -
Canonical   Ubuntu Linux                             23.04 (LTS edition)                  -
Amazon      Amazon Linux                             2023.0                               -
Netapp      Active Iq Unified Manager                any                                  vmware_vsphere
Netapp      E-series Santricity Os Controller        >= 11.0.0 <= 11.70.2                 -
Netapp      Ontap                                    9                                    -
Netapp      Ontap Tools                              9                                    vmware_vsphere
Netapp      Ontap Tools                              10                                   vmware_vsphere
Freebsd     Freebsd                                  13.2 (base release, p1 through p11)  -
Freebsd     Freebsd                                  13.3 (base release, p1 through p3)   -
Freebsd     Freebsd                                  14.0 (base release, beta5, rc3, rc4-p1, p1 through p7)  -
Freebsd     Freebsd                                  14.1 (base release, p1)              -
Netbsd      Netbsd                                   <= 10.0.0                            -
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics

Type    Source      Score    Percentile
EPSS    FIRST.org   38.58%   0.971

CVSS metrics

Source                Base Score   Exploitability Score   Impact Score   Vector string
nvd@nist.gov          8.1          2.2                    5.9            CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com   8.1          2.2                    5.9            CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-364 Signal Handler Race Condition

The product uses a signal handler that introduces a race condition.

References

https://www.openssh.com/txt/release-9.8 (Third Party Advisory; Release Notes)
https://www.theregister.com/2024/07/01/regresshion_openssh/ (Third Party Advisory; Press/Media Coverage)