- CVE ID: CVE-2024-6387
- Vulnerability Severity: Critical
- Exploit Complexity: Difficult
- Disclosure Date: 2024-07-01
- Remediation Priority: High
- Patch Status: Official patch available
Related Links
https://www.cve.org/CVERecord?id=CVE-2024-6387
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://ubuntu.com/security/CVE-2024-6387
1. Vulnerability Description
OpenSSH is a collection of tools for secure network communication, providing remote login, remote command execution, and file transfer, among other functions.
On July 1, 2024, the OpenSSH project released a security advisory disclosing CVE-2024-6387, a remote code execution vulnerability affecting OpenSSH Server. The vulnerability is caused by a race condition. Successful exploitation requires multiple attempts and a bypass of system protection measures (such as ASLR), which makes it difficult to exploit.
2. Affected Versions
8.5p1 <= OpenSSH < 9.8p1
Affected distributions include Debian 12, RHEL/AlmaLinux/RockyLinux/CentOS Stream 9, and Ubuntu 22.04/23.10/24.04.
On systems that use the dnf package manager, run rpm -q openssh to check the currently installed version.
On systems that use the apt package manager, run dpkg -l | grep openssh to check the currently installed version.
3. Fix Solution
Most distribution maintainers have released updated software packages. Run apt update && apt upgrade -y or dnf makecache && dnf update -y to upgrade OpenSSH-related packages to the latest version to resolve the issue.
Below are fixed version numbers for some distributions for reference:
Ubuntu 22.04: 8.9p1-3ubuntu0.10
Ubuntu 23.10: 9.3p1-1ubuntu3.6
Ubuntu 24.04: 9.6p1-3ubuntu13.3
Debian 12: 9.2p1-2+deb12u3
AlmaLinux 9: 8.7p1-38.el9.alma.2
RockyLinux 9: 8.7p1-38.el9_4.security.0.5
If you cannot upgrade your OpenSSH version, you can apply the following mitigation:
Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This will leave sshd vulnerable to denial-of-service attacks (by exhausting all MaxStartups connections), but it prevents exploitation of this vulnerability.
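
The version range from section 2 and the LoginGraceTime mitigation above can be checked together with a small shell helper. This is an added example, not part of the original advisory; the function names and the verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage helpers for CVE-2024-6387.
# Live host, as root:  sshd -T | triage "$(rpm -q openssh)"

# in_affected_range STRING
# Returns 0 if the upstream version in STRING satisfies 8.5p1 <= v < 9.8p1,
# 1 if it does not, 2 if no version could be parsed. Accepts forms such as
# "9.6p1", "OpenSSH_8.9p1 Ubuntu-3ubuntu0.10" or "1:9.6p1-3ubuntu13.3".
in_affected_range() {
    iar_mm=$(printf '%s\n' "$1" |
        sed -nE 's/^([0-9]+:)?[^0-9]*([0-9]+)\.([0-9]+).*/\2 \3/p')
    [ -n "$iar_mm" ] || return 2
    iar_n=$(( ${iar_mm% *} * 100 + ${iar_mm#* } ))
    [ "$iar_n" -ge 805 ] && [ "$iar_n" -lt 908 ]
}

# grace_time_is_zero < CONFIG
# CONFIG is sshd_config text or `sshd -T` output (which also resolves
# Include files). Keywords are case-insensitive and sshd keeps the first
# value it reads for a keyword; unset means the default of 120 seconds.
grace_time_is_zero() {
    gt=$(awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/)
               if (tolower(f[1]) == "logingracetime") { print f[2]; exit } }')
    [ "$gt" = "0" ]
}

# triage STRING < CONFIG
# Prints: not-in-range | mitigated | check-package | unknown
# "check-package" means the upstream version is in range and the mitigation
# is absent; distributions backport the fix without changing the upstream
# version, so compare the package version with the fixed versions listed in
# the advisory before concluding that the host is vulnerable.
triage() {
    rc=0
    in_affected_range "$1" || rc=$?
    case $rc in
        0) if grace_time_is_zero; then echo mitigated
           else echo check-package; fi ;;
        1) echo not-in-range ;;
        *) echo unknown ;;
    esac
}
```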