高危 OpenSSH Server 远程代码执行漏洞(CVE-2024-6387)

CVE编号

CVE-2024-6387

利用情况

POC 已公开

补丁情况

官方补丁

披露时间

2024-07-01
漏洞描述
OpenSSH是一套用于安全网络通信的工具,提供了包括远程登录、远程执行命令、文件传输等功能

2024年7月1日,OpenSSH 官方发布安全通告,披露CVE-2024-6387 OpenSSH Server 远程代码执行漏洞。 漏洞成因为条件竞争,因此若要成功利用该漏洞,需要经过多次尝试,并需要绕过相关系统保护措施(如ASLR),在实际网络环境下利用难度较大,目前仅有针对32位机器的利用方案。

同时基于代码引入时间、系统保护措施、系统安装OpenSSH版本等,目前已知 CentOS 7/8、RedHat 6/7/8等系统默认安装的OpenSSH Server、Windows操作系统上的OpenSSH Server等均不受该漏洞影响。

OpenSSH官方及各操作系统发行方已发布安全更新,建议相关受影响客户进行更新升级。


影响范围

8.5p1 <= OpenSSH < 9.8p1
解决建议
1、升级OpenSSH至安全版本9.8及其以上,或者各发行版本的安全修复版本。
2、若暂无法升级,建议使用安全组设置OpenSSH端口仅对可信地址开放。
3、应用漏洞暂只支持获取openssh自身版本,若您确定已为各发行版本安全修复版本,可予忽略。
参考链接
hhttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://www.openwall.com/lists/oss-security/2024/07/01/12
http://www.openwall.com/lists/oss-security/2024/07/01/13
http://www.openwall.com/lists/oss-security/2024/07/02/1
http://www.openwall.com/lists/oss-security/2024/07/03/1
http://www.openwall.com/lists/oss-security/2024/07/03/11
http://www.openwall.com/lists/oss-security/2024/07/03/2
http://www.openwall.com/lists/oss-security/2024/07/03/3
http://www.openwall.com/lists/oss-security/2024/07/03/4
http://www.openwall.com/lists/oss-security/2024/07/03/5
http://www.openwall.com/lists/oss-security/2024/07/04/1
http://www.openwall.com/lists/oss-security/2024/07/04/2
http://www.openwall.com/lists/oss-security/2024/07/08/2
http://www.openwall.com/lists/oss-security/2024/07/08/3
http://www.openwall.com/lists/oss-security/2024/07/09/2
http://www.openwall.com/lists/oss-security/2024/07/09/5
http://www.openwall.com/lists/oss-security/2024/07/10/1
http://www.openwall.com/lists/oss-security/2024/07/10/2
http://www.openwall.com/lists/oss-security/2024/07/10/3
http://www.openwall.com/lists/oss-security/2024/07/10/4
http://www.openwall.com/lists/oss-security/2024/07/10/6
http://www.openwall.com/lists/oss-security/2024/07/11/1
http://www.openwall.com/lists/oss-security/2024/07/11/3
http://www.openwall.com/lists/oss-security/2024/07/23/4
http://www.openwall.com/lists/oss-security/2024/07/23/6
http://www.openwall.com/lists/oss-security/2024/07/28/2
http://www.openwall.com/lists/oss-security/2024/07/28/3
https://access.redhat.com/errata/RHSA-2024:4312
https://access.redhat.com/errata/RHSA-2024:4340
https://access.redhat.com/errata/RHSA-2024:4389
https://access.redhat.com/errata/RHSA-2024:4469
https://access.redhat.com/errata/RHSA-2024:4474
https://access.redhat.com/errata/RHSA-2024:4479
https://access.redhat.com/errata/RHSA-2024:4484
https://access.redhat.com/security/cve/CVE-2024-6387
https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgra...
https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh...
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshio...
https://bugzilla.redhat.com/show_bug.cgi?id=2294604
https://explore.alas.aws.amazon.com/CVE-2024-6387.html
https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
https://github.com/AlmaLinux/updates/issues/629
https://github.com/Azure/AKS/issues/4379
https://github.com/microsoft/azurelinux/issues/9555
https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e...
https://github.com/oracle/oracle-linux/issues/149
https://github.com/PowerShell/Win32-OpenSSH/discussions/2248
https://github.com/PowerShell/Win32-OpenSSH/issues/2249
https://github.com/rapier1/hpn-ssh/issues/87
https://github.com/zgzhang/cve-2024-6387-poc
https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread...
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
https://news.ycombinator.com/item?id=40843778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
https://security-tracker.debian.org/tracker/CVE-2024-6387
https://security.netapp.com/advisory/ntap-20240701-0001/
https://sig-security.rocky.page/issues/CVE-2024-6387/
https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://ubuntu.com/security/CVE-2024-6387
https://ubuntu.com/security/notices/USN-6859-1
https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regr...
https://www.arista.com/en/support/advisories-notices/security-advisory/19904-...
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
https://www.openssh.com/txt/release-9.8
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerab...
https://www.suse.com/security/cve/CVE-2024-6387.html
https://www.theregister.com/2024/07/01/regresshion_openssh/
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 netapp e-series_santricity_os_controller * From
(including)
11.0.0 		Up to
(including)
11.70.2
运行在以下环境
应用 netapp ontap_select_deploy_administration_utility - -
运行在以下环境
应用 netapp ontap_tools 9 -
运行在以下环境
应用 openbsd openssh * Up to
(excluding)
4.4
运行在以下环境
应用 openbsd openssh * From
(including)
8.6 		Up to
(excluding)
9.8
运行在以下环境
应用 openbsd openssh 4.4 -
运行在以下环境
应用 openbsd openssh 8.5 -
运行在以下环境
应用 openbsd openssh 9.8 -
运行在以下环境
应用 redhat openshift_container_platform 4.0 -
运行在以下环境
系统 alma_linux_9 openssh * Up to
(excluding)
8.7p1-38.el9_4.1
运行在以下环境
系统 alpine_3.17 openssh * Up to
(excluding)
9.1_p1-r6
运行在以下环境
系统 alpine_3.18 openssh * Up to
(excluding)
9.3_p2-r2
运行在以下环境
系统 alpine_3.19 openssh * Up to
(excluding)
9.6_p1-r1
运行在以下环境
系统 alpine_3.20 openssh * Up to
(excluding)
9.7_p1-r4
运行在以下环境
系统 amazon_2023 openssh * Up to
(excluding)
8.7p1-8.amzn2023.0.11
运行在以下环境
系统 debian_11 openssh * Up to
(excluding)
8.4p1-5+deb11u3
运行在以下环境
系统 debian_12 openssh * Up to
(excluding)
9.2p1-2+deb12u3
运行在以下环境
系统 fedora_39 openssh * Up to
(excluding)
9.3p1-11.fc39
运行在以下环境
系统 fedora_40 openssh * Up to
(excluding)
9.6p1-1.fc40.4
运行在以下环境
系统 opensuse_Leap_15.6 6p1 * Up to
(excluding)
150600.6.3.1
运行在以下环境
系统 redhat_9 openssh * Up to
(excluding)
8.7p1-38.el9_4.1
运行在以下环境
系统 ubuntu_22.04 openssh * Up to
(excluding)
8.9p1-3ubuntu0.10
阿里云评分
7.8
  • 攻击路径
    远程
  • 攻击复杂度
    困难
  • 权限要求
    无需权限
  • 影响范围
    全局影响
  • EXP成熟度
    POC 已公开
  • 补丁情况
    官方补丁
  • 数据保密性
    数据泄露
  • 数据完整性
    传输被破坏
  • 服务器危害
    服务器失陷
  • 全网数量
    N/A
CWE-ID 漏洞类型
CWE-362 使用共享资源的并发执行不恰当同步问题(竞争条件)
CWE-364 信号处理例程中的竞争条件
阿里云安全产品覆盖情况