PT-2024-4415 · Openssh+11
Smartkeyss · Published 2006-09-29 · Updated 2026-03-09 · CVE-2024-6387
CVSS v3.1: 8.1 (High)
Base vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 9.6p1-2+deb12u3
runC versions affected not specified
Alma Linux (affected versions not specified)
FreeBSD (affected versions not specified)
OpenSUSE (affected versions not specified)
SUSE (affected versions not specified)
MosOS (affected versions not specified)
Description
OpenSSH is susceptible to multiple vulnerabilities, including a signal handler race condition that could lead to remote code execution. This flaw occurs when a client fails to authenticate within the LoginGraceTime, potentially allowing an unauthenticated attacker to execute arbitrary code with root privileges. Additionally, vulnerabilities exist related to double-free issues in the order_hostkeyalgs() and list_hostkey_types() functions, and remote code execution in ssh-agent when using PKCS#11 support. A file descriptor leak has also been identified in runC.
Recommendations
Upgrade OpenSSH to version 9.6p1-2+deb12u3 or later.
Update runC to address the file descriptor leak.
Apply available security updates for Alma Linux, FreeBSD, OpenSUSE, SUSE, and MosOS.
Exploit
Fix
RCE
Race Condition
Related Identifiers
ALSA-2021_4368
ALSA-2022_2013
ALSA-2023_2645
ALSA-2023_4412
ALSA-2023_4419
ALSA-2024:4312
ALSA-2024_0606
ALSA-2024_0628
ALSA-2024_0670
ALSA-2024_0748
ALSA-2024_0752
ALSA-2024_1130
ALSA-2024_1150
ALSA-2024_3166
ALSA-2024_4312
ALSA-2025_16880
ALT-PU-2024-17672
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9505
ALT-PU-2024-9513
BDU:2024-04914
BDU:2024-06777
CVE-2024-6387
DSA-5724-1
ELSA-2024-12468
ELSA-2024-4312
FREEBSD-SA-24_04
INFSA-2024_4312
MGASA-2024-0250
OESA-2024-1781
OESA-2024-1782
OESA-2024-1783
OESA-2024-1784
OPENSUSE-SU-2024:14088-1
OPENSUSE-SU-2024_2275-1
OPENSUSE-SU-2024_2275-2
RHSA-2006_0697
RHSA-2024:4312
RHSA-2024:4340
RHSA-2024:4389
RHSA-2024_4312
SUSE-SU-2024:2275-1
SUSE-SU-2024:2275-2
SUSE-SU-2024_2275-1
USN-6859-1
Affected Products
Alt Linux
Almalinux
Astra Linux
Freebsd
Ibm Aix
Linuxmint
Apple Macos
Openssh
Red Hat
Red Os
Suse
Ubuntu