CVE-2024-6387: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Category

Remote Code Execution

Exploit Status

Not Exploited

Patch Tuesday

2024-Jul

Released

2024-07-11

Last Updated

2024-09-19

EPSS Score

44.59% (percentile: 97.6%)

FAQ

Why is the Red Hat Inc. the assigning CNA (CVE Numbering Authority)? CVE-2024-6387 is regarding a vulnerability in OppenSSH's server (sshd). Red Hat created this CVE on its behalf. Is Microsoft Windows vulnerable to CVE-2024-6387? No, Microsoft Windows is not affected by this vulnerability. Although Windows contains an OpenSSH component, the vulnerable code cannot be exploited or controlled by an adversary. The race condition used in this exploit is not possible in Windows because of significant differences with login grace timeout handling in the win32-openssh implementation. Is the update for Azure Kubernetes Service Nodes on Ubuntu Linux currently available? The security update for Azure Kubernetes Service (AKS) Nodes on Ubuntu Linux is currently being deployed but may not yet be available depending on your resource's deployment region. The deployment will be completed as soon as possible and customers can check the availability of the update here: AKS Release Tracker

Detection & Weaponization (2 sources)

Maturity: Detection

• YARA rules: CRAIU_Exploit_CVE_2024_6387
• GitHub PoC: 93 repositories

Affected Products (7)

Mariner

• CBL Mariner 2.0 ARM
• CBL Mariner 2.0 x64

Azure

• Azure Kubernetes Service Node on Azure Linux
• Azure Kubernetes Service Node on Ubuntu Linux
• Azure Arc Resource Bridge on Azure Arc-enabled VMware vSphere
• Azure Arc Resource Bridge on Azure Arc-enabled System Center Virtual Machine Manager
• Azure Arc Resource Bridge on Azure Stack HCI

Security Updates (3)

• Release Notes
• Release Notes
• Release Notes

Revision History

• 2024-07-11: Information published.
• 2024-07-15: Updated FAQ information. This is an informational change only.
• 2024-08-01: In the Security Updates table, added Azure Arc Resource Bridge and Azure Kubernetes Service Nodes because these product are also affected by this vulnerability. Microsoft strongly recommends that customers using these products install the updates to be fully protected from the vulnerability.
• 2024-09-19: Microsoft is announcing the availability of the security update for Azure Arc Resource Bridge installed on Azure Stack HCI to address this vulnerability. Customers running Azure Arc Resource Bridge should install the Azure Stack HCI 2408 update to be protected from this vulnerability.