CVE-2024-6387 (regreSSHion)

CVSS v3.1 8.1 (High)
EPSS 71.47 % (98th)
Affected Products 20
Advisories 16
NVD Status Modified

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Weaknesses
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-364: Signal Handler Race Condition
CVE Status: PUBLISHED
NVD Status: Modified
CNA: Red Hat, Inc.
Published Date: 2024-07-01 13:15:06 (2 months ago)
Updated Date: 2024-07-30 02:15:08 (5 weeks ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Openbsd Openssh prior 4.4 version cpe:2.3:a:openbsd:openssh < 4.4
  Openbsd Openssh from 8.6 version and prior 9.8 version cpe:2.3:a:openbsd:openssh >= 8.6 < 9.8
  Openbsd Openssh 4.4 cpe:2.3:a:openbsd:openssh:4.4:-
  Openbsd Openssh 8.5 P1 cpe:2.3:a:openbsd:openssh:8.5:p1

Configuration #2

    CPE23 From Up To
  Redhat Openshift Container Platform 4.0 cpe:2.3:a:redhat:openshift_container_platform:4.0
  Redhat Enterprise Linux 9.0 cpe:2.3:o:redhat:enterprise_linux:9.0
  Redhat Enterprise Linux Eus 9.4 cpe:2.3:o:redhat:enterprise_linux_eus:9.4
  Redhat Enterprise Linux for Arm 64 9.0 Aarch64 cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64
  Redhat Enterprise Linux for Arm 64 Eus 9.4 Aarch64 cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64
  Redhat Enterprise Linux for Ibm Z Systems 9.0 S390x cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x
  Redhat Enterprise Linux for Ibm Z Systems Eus 9.4 S390x cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x
  Redhat Enterprise Linux for Power Little Endian 9.0 Ppc64le cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le
  Redhat Enterprise Linux for Power Little Endian Eus 9.4 Ppc64le cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le
  Redhat Enterprise Linux Server Aus 9.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4

Configuration #3

    CPE23 From Up To
  Suse Linux Enterprise Micro 6.0 cpe:2.3:o:suse:linux_enterprise_micro:6.0

Configuration #4

    CPE23 From Up To
  Debian Linux 12.0 cpe:2.3:o:debian:debian_linux:12.0

Configuration #5

    CPE23 From Up To
  Canonical Ubuntu Linux 22.04 cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts
  Canonical Ubuntu Linux 22.10 cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-
  Canonical Ubuntu Linux 23.04 cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:lts

Configuration #6

    CPE23 From Up To
  Amazon Linux 2023 cpe:2.3:o:amazon:linux_2023:-

Configuration #7

    CPE23 From Up To
  Netapp E-series Santricity Os Controller from 11.0.0 version and 11.70.2 and prior versions cpe:2.3:a:netapp:e-series_santricity_os_controller >= 11.0.0 <= 11.70.2
  Netapp Ontap Select Deploy Administration Utility cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
  Netapp Ontap Tools 9 for Vmware Vsphere cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere

Configuration #8

    CPE23 From Up To
  Freebsd 13.2 cpe:2.3:o:freebsd:freebsd:13.2:-
  Freebsd 13.2 P1 cpe:2.3:o:freebsd:freebsd:13.2:p1
  Freebsd 13.2 P10 cpe:2.3:o:freebsd:freebsd:13.2:p10
  Freebsd 13.2 P11 cpe:2.3:o:freebsd:freebsd:13.2:p11
  Freebsd 13.2 P2 cpe:2.3:o:freebsd:freebsd:13.2:p2
  Freebsd 13.2 P3 cpe:2.3:o:freebsd:freebsd:13.2:p3
  Freebsd 13.2 P4 cpe:2.3:o:freebsd:freebsd:13.2:p4
  Freebsd 13.2 P5 cpe:2.3:o:freebsd:freebsd:13.2:p5
  Freebsd 13.2 P6 cpe:2.3:o:freebsd:freebsd:13.2:p6
  Freebsd 13.2 P7 cpe:2.3:o:freebsd:freebsd:13.2:p7
  Freebsd 13.2 P8 cpe:2.3:o:freebsd:freebsd:13.2:p8
  Freebsd 13.2 P9 cpe:2.3:o:freebsd:freebsd:13.2:p9
  Freebsd 13.3 cpe:2.3:o:freebsd:freebsd:13.3:-
  Freebsd 13.3 P1 cpe:2.3:o:freebsd:freebsd:13.3:p1
  Freebsd 13.3 P2 cpe:2.3:o:freebsd:freebsd:13.3:p2
  Freebsd 13.3 P3 cpe:2.3:o:freebsd:freebsd:13.3:p3
  Freebsd 14.0 cpe:2.3:o:freebsd:freebsd:14.0:-
  Freebsd 14.0 Beta5 cpe:2.3:o:freebsd:freebsd:14.0:beta5
  Freebsd 14.0 P1 cpe:2.3:o:freebsd:freebsd:14.0:p1
  Freebsd 14.0 P2 cpe:2.3:o:freebsd:freebsd:14.0:p2
  Freebsd 14.0 P3 cpe:2.3:o:freebsd:freebsd:14.0:p3
  Freebsd 14.0 P4 cpe:2.3:o:freebsd:freebsd:14.0:p4
  Freebsd 14.0 P5 cpe:2.3:o:freebsd:freebsd:14.0:p5
  Freebsd 14.0 P6 cpe:2.3:o:freebsd:freebsd:14.0:p6
  Freebsd 14.0 P7 cpe:2.3:o:freebsd:freebsd:14.0:p7
  Freebsd 14.0 Rc3 cpe:2.3:o:freebsd:freebsd:14.0:rc3
  Freebsd 14.0 Rc4-p1 cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1
  Freebsd 14.1 cpe:2.3:o:freebsd:freebsd:14.1:-
  Freebsd 14.1 P1 cpe:2.3:o:freebsd:freebsd:14.1:p1

Configuration #9

    CPE23 From Up To
  Netbsd 10.0.0 and prior versions cpe:2.3:o:netbsd:netbsd <= 10.0.0