CVE-2024-6387: OpenSSH Remote Code Execution Vulnerability
Jul 03, 2024 GMT+08:00
I. Overview
OpenSSH has issued an advisory regarding a critical security vulnerability identified as CVE-2024-6387. This vulnerability affects sshd versions from 8.5p1 up to, but not including, 9.8p1. It arises from a race condition in signal handler processing, which could allow an unauthenticated remote attacker to execute code with root privileges on an affected Linux system. Vulnerability details and a PoC have been disclosed, and the risk is high. If you use Linux, check your system and apply security hardening promptly.
Reference:
https://www.openssh.com/security.html
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
8.5p1 <= OpenSSH < 9.8p1
Secure versions:
OpenSSH >= 9.8p1
IV. Vulnerability Handling
This vulnerability has been fixed in later official versions. If your service version falls into the affected range, upgrade it to the latest secure version.
https://www.openssh.com/releasenotes.html
To obtain the fixed versions provided by Linux vendors, see the security advisories of Red Hat, Ubuntu, SUSE, and Debian.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
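The following script is an added example, not part of this notice: it compares the version string printed by `ssh -V` against the affected range given above (8.5p1 <= OpenSSH < 9.8p1), so an administrator can triage hosts before upgrading. The banner strings in the comments are constructed samples.

```shell
# Added example (not from the notice): classify an OpenSSH version banner, as
# printed by `ssh -V` (to stderr), against the range 8.5p1 <= OpenSSH < 9.8p1.
# Caveat: vendors often backport the fix without changing the version string,
# so "affected" means "confirm against the vendor advisory", not "vulnerable".

# Map "MAJOR.MINORpPATCH" (or "MAJOR.MINOR") to one integer; -1 if malformed.
openssh_version_key() {
    local v="$1" major minor patch
    major="${v%%.*}"            # 9.6p1 -> 9
    v="${v#*.}"                 # 9.6p1 -> 6p1
    minor="${v%%p*}"            # 6p1   -> 6
    case "$v" in
        *p*) patch="${v#*p}" ;; # 6p1   -> 1
        *)   patch=0 ;;         # no portable-release suffix
    esac
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo -1 ;;
        *) echo $(( major * 10000 + minor * 100 + patch )) ;;
    esac
}

# Print "affected", "secure" or "unknown"; exit 0 secure, 1 affected, 2 unknown.
check_cve_2024_6387() {
    local banner="$1" ver key lo hi
    case "$banner" in
        OpenSSH_*) ;;
        *) echo unknown; return 2 ;;
    esac
    ver="${banner#OpenSSH_}"
    ver="${ver%%[ ,]*}"         # drop vendor suffix and OpenSSL/LibreSSL part
    case "$ver" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 2 ;;
    esac
    key=$(openssh_version_key "$ver")
    [ "$key" -ge 0 ] || { echo unknown; return 2; }
    lo=$(openssh_version_key 8.5p1)
    hi=$(openssh_version_key 9.8p1)
    if [ "$key" -ge "$lo" ] && [ "$key" -lt "$hi" ]; then
        echo affected; return 1
    fi
    echo secure
}

# Check the local client binary; on most distributions it comes from the
# same source package as sshd.
check_local_openssh() {
    check_cve_2024_6387 "$(ssh -V 2>&1)"
}
```

Run `check_local_openssh` on each host; an "affected" result on a distribution build is the cue to look up the vendor advisory for that exact package version.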
Huawei Cloud Host Security Service (HSS) enterprise edition or higher can detect the OpenSSH remote code execution vulnerability (CVE-2024-6387).
For details, see https://support.huaweicloud.com/intl/en-us/usermanual-hss2.0/hss_01_0412.html.