OpenSSH on RHEL: signal handler race condition in OpenSSH (CVE-2024-6387) #shorts #breaking
CVE
CVE-2024-6387 is a newly identified signal handler race condition in OpenSSH's server-side application, sshd. If a client does not authenticate within the LoginGraceTime window (120 seconds by default in modern versions of OpenSSH), an asynchronous signal handler is triggered. That handler calls functions that are not safe to run in a signal context, such as syslog(). An attacker who wins this race may be able to execute code remotely. Users of OpenSSH on glibc-based Linux systems, in particular Red Hat Enterprise Linux versions 6, 7, 8, and 9, could be affected.
Watch the full video on YouTube: CVE-2024-6387
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://access.redhat.com/errata/RHSA-2024:4312
- https://access.redhat.com/errata/RHSA-2024:4340
- https://access.redhat.com/errata/RHSA-2024:4389
- https://access.redhat.com/errata/RHSA-2024:4469
- https://access.redhat.com/errata/RHSA-2024:4474
- https://access.redhat.com/errata/RHSA-2024:4479
- https://access.redhat.com/errata/RHSA-2024:4484
- https://access.redhat.com/security/cve/CVE-2024-6387
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
- https://www.openssh.com/txt/release-9.8
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt