长亭百川云

长亭百川云

技术讨论长亭漏洞情报库IP 威胁情报在线工具
高危

OpenSSH 远程代码执行漏洞

披露时间:
2024-07-01
更新时间:
2024-07-01
CT 编号
CT-1351966
CVE 编号
CVE-2024-6387
CNVD 编号
CNVD-2024-29805
CNNVD 编号
CNNVD-202407-017
原理分类
条件竞争
漏洞评分
10

漏洞描述

CVE-2024-6387 是 OpenSSH 服务器中的一个严重漏洞,影响基于 glibc 的 Linux 系统。攻击者可以利用该漏洞在无需认证的情况下,通过竞态条件远程执行任意代码,获得系统控制权。这个漏洞源于处理超时信号时的不安全操作,最早在 OpenSSH 8.5p1 版本中引入。

漏洞危害

可能导致包括但不限于以下危害:

  1. 敏感信息泄露:攻击者可能利用条件竞争漏洞读取未授权的数据,如用户信息、系统配置等。
  2. 未授权的数据篡改:攻击者可能通过漏洞修改数据,造成数据不一致或者系统状态改变。
  3. 服务拒绝:攻击者可能利用条件竞争漏洞导致服务不可用,影响正常用户的使用。
  4. 权限提升:在某些情况下,攻击者可能利用条件竞争漏洞获得更高级别的权限,执行本不应该允许的操作。

修复方法

一、临时缓解方案
如果暂时无法更新或重新编译 sshd

  1. 可以在配置文件中将 LoginGraceTime 设置为 0(永不超时)。这样虽然会使 sshd 暴露于拒绝服务攻击(占满所有 Startups 连接),但可以避免远程代码执行风险。
  2. 启用 fail2ban 等防护机制,封禁发生过多次失败登录 ssh 尝试的来源 IP。

二、升级修复方案
将 OpenSSH 更新到最新版本 9.8 或者各发行版本的修复版本。

参考链接

e-unauthenticated-code-execution-vulnerability-in-openssh-server
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://www.openwall.com/lists/oss-security/2024/07/01/12
http://www.openwall.com/lists/oss-security/2024/07/01/13
http://www.openwall.com/lists/oss-security/2024/07/02/1
http://www.openwall.com/lists/oss-security/2024/07/03/1
http://www.openwall.com/lists/oss-security/2024/07/03/11
http://www.openwall.com/lists/oss-security/2024/07/03/2
http://www.openwall.com/lists/oss-security/2024/07/03/3
http://www.openwall.com/lists/oss-security/2024/07/03/4
http://www.openwall.com/lists/oss-security/2024/07/03/5
http://www.openwall.com/lists/oss-security/2024/07/04/1
http://www.openwall.com/lists/oss-security/2024/07/04/2
http://www.openwall.com/lists/oss-security/2024/07/08/2
http://www.openwall.com/lists/oss-security/2024/07/08/3
http://www.openwall.com/lists/oss-security/2024/07/09/2
http://www.openwall.com/lists/oss-security/2024/07/09/5
http://www.openwall.com/lists/oss-security/2024/07/10/1
http://www.openwall.com/lists/oss-security/2024/07/10/2
http://www.openwall.com/lists/oss-security/2024/07/10/3
http://www.openwall.com/lists/oss-security/2024/07/10/4
http://www.openwall.com/lists/oss-security/2024/07/10/6
http://www.openwall.com/lists/oss-security/2024/07/11/1
http://www.openwall.com/lists/oss-security/2024/07/11/3
http://www.openwall.com/lists/oss-security/2024/07/23/4
http://www.openwall.com/lists/oss-security/2024/07/23/6
http://www.openwall.com/lists/oss-security/2024/07/28/2
http://www.openwall.com/lists/oss-security/2024/07/28/3
https://access.redhat.com/errata/RHSA-2024:4312
https://access.redhat.com/errata/RHSA-2024:4340
https://access.redhat.com/errata/RHSA-2024:4389
https://access.redhat.com/errata/RHSA-2024:4469
https://access.redhat.com/errata/RHSA-2024:4474
https://access.redhat.com/errata/RHSA-2024:4479
https://access.redhat.com/errata/RHSA-2024:4484
https://access.redhat.com/security/cve/CVE-2024-6387
https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remot
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://bugzilla.redhat.com/show_bug.cgi?id=2294604
https://explore.alas.aws.amazon.com/CVE-2024-6387.html
https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
https://github.com/AlmaLinux/updates/issues/629
https://github.com/Azure/AKS/issues/4379
https://github.com/PowerShell/Win32-OpenSSH/discussions/2248
https://github.com/PowerShell/Win32-OpenSSH/issues/2249
https://github.com/microsoft/azurelinux/issues/9555
https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09
https://github.com/oracle/oracle-linux/issues/149
https://github.com/rapier1/hpn-ssh/issues/87
https://github.com/zgzhang/cve-2024-6387-poc
https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
https://news.ycombinator.com/item?id=40843778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
https://security-tracker.debian.org/tracker/CVE-2024-6387
https://security.netapp.com/advisory/ntap-20240701-0001/
https://sig-security.rocky.page/issues/CVE-2024-6387/
https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://ubuntu.com/security/CVE-2024-6387
https://ubuntu.com/security/notices/USN-6859-1
https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
https://www.openssh.com/txt/release-9.8
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html
https://www.suse.com/security/cve/CVE-2024-6387.html
https://www.theregister.com/2024/07/01/regresshion_openssh/
https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387

评分维度

长亭安全产品覆盖情况

雷池(SafeLine)下一代Web应用防火墙
洞鉴(X-Ray)安全评估系统
云图(Cloud Atlas)攻击面管理运营平台
牧云(CloudWalker) 主机安全管理平台
全悉(T-ANSWER)高级威胁分析预警系统
谛听(D-Sensor) 伪装欺骗系统

漏洞时间线

  • 漏洞披露

    2024-07-01

  • 漏洞信息更新

    2024-07-01

热门产品
雷池 WAF 社区版
IP 威胁情报
网站安全监测
百川漏扫服务
云堡垒机
百川云
技术文档
开发工具
长亭漏洞情报库
网安百科
安全社区
CT STACK 安全社区
雷池社区版
XRAY 扫描工具
长亭科技
长亭科技官网
万众合作伙伴商城
长亭 BBS 论坛
友情链接
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服
Copyright ©2024 北京长亭科技有限公司
icon
京ICP备2024055124号-2