一、 漏洞 CVE-2024-6387 基础信息
漏洞信息
# OpenSSH:regresshion - SSH中的竞态条件导致RCE/DoS
## 漏洞概述
OpenSSH服务端(sshd)中发现了一个安全回归漏洞(CVE-2006-5051)。存在竞态条件(race condition),导致sshd在处理某些信号时方式不安全。未经身份验证的远程攻击者可能通过在设定时间内未能完成身份验证来触发此漏洞。
## 影响版本
未指定具体影响版本,但漏洞存在于OpenSSH的sshd中。
## 漏洞细节
此漏洞由竞态条件引起,导致sshd在处理某些信号时可能存在不安全的方式。如果远程攻击者在特定的时间段内未能完成身份验证,就可能触发该漏洞。
## 影响
未经身份验证的远程攻击者若在规定时间内未能完成身份验证,可能触发该漏洞。这可能导致sshd以不安全的方式处理信号,从而带来潜在的安全风险。备注
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Openssh: regresshion - race condition in ssh allows rce/dos
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
信号处理例程中的竞争条件
来源:美国国家漏洞数据库 NVD
漏洞标题
OpenSSH 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞,该漏洞源于信号处理程序中存在竞争条件,攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-6387 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | a signal handler race condition in OpenSSH's server (sshd) | https://github.com/zgzhang/cve-2024-6387-poc | POC详情 |
| 2 | None | https://github.com/acrono/cve-2024-6387-poc | POC详情 |
| 3 | None | https://github.com/lflare/cve-2024-6387-poc | POC详情 |
| 4 | Spirit - Network Pentest Tools CVE-2024-6387 | https://github.com/theaog/spirit | POC详情 |
| 5 | None | https://github.com/shyrwall/cve-2024-6387-poc | POC详情 |
| 6 | None | https://github.com/getdrive/CVE-2024-6387-PoC | POC详情 |
| 7 | SSHd cve-2024-6387-poc | https://github.com/FerasAlrimali/CVE-2024-6387-POC | POC详情 |
| 8 | None | https://github.com/passwa11/cve-2024-6387-poc | POC详情 |
| 9 | None | https://github.com/jack0we/CVE-2024-6387 | POC详情 |
| 10 | CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH | https://github.com/xaitax/CVE-2024-6387_Check | POC详情 |
| 11 | Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2006-5051 , CVE-2008-4109 and others. | https://github.com/bigb0x/CVE-2024-6387 | POC详情 |
| 12 | CLI Tool to Check SSH Servers for Vulnerability to CVE-2024-6387 | https://github.com/wiggels/regresshion-check | POC详情 |
| 13 | SSH RCE PoC CVE-2024-6387 | https://github.com/3yujw7njai/CVE-2024-6387 | POC详情 |
| 14 | OpenSSH CVE-2024-6387 Vulnerability Checker | https://github.com/betancour/OpenSSH-Vulnerability-test | POC详情 |
| 15 | None | https://github.com/zgimszhd61/cve-2024-6387-poc | POC详情 |
| 16 | None | https://github.com/yya1233/CVE-2024-6387-Updated-SSH-RCE | POC详情 |
| 17 | None | https://github.com/muyuanlove/CVE-2024-6387fixshell | POC详情 |
| 18 | Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications. | https://github.com/TAM-K592/CVE-2024-6387 | POC详情 |
| 19 | This is a POC I wrote for CVE-2024-6387 | https://github.com/teamos-hub/regreSSHion | POC详情 |
| 20 | None | https://github.com/Maikefee/CVE-2024-6387_Check.py | POC详情 |
| 21 | None | https://github.com/ahlfors/CVE-2024-6387 | POC详情 |
| 22 | None | https://github.com/Mufti22/CVE-2024-6387-checkher | POC详情 |
| 23 | CVE-2024-6387 exploit | https://github.com/thegenetic/CVE-2024-6387-exploit | POC详情 |
| 24 | RCE OpenSSH CVE-2024-6387 Check | https://github.com/HadesNull123/CVE-2024-6387_Check | POC详情 |
| 25 | This script, created by R4Tw1z, is designed to scan IP addresses to check if they are running a potentially vulnerable version of OpenSSH. The tool leverages multi-threading to optimize scanning performance and handle multiple IP addresses concurrently. | https://github.com/R4Tw1z/CVE-2024-6387 | POC详情 |
| 26 | This Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH. | https://github.com/d0rb/CVE-2024-6387 | POC详情 |
| 27 | None | https://github.com/oliferFord/CVE-2024-6387-SSH-RCE | POC详情 |
| 28 | Used to detect ssh servers vulnerable to CVE-2024-6387. Shameless robbery from https://github.com/bigb0x/CVE-2024-6387 using ChatGPT to translate the code to PHP. | https://github.com/CiderAndWhisky/regression-scanner | POC详情 |
| 29 | Script for checking CVE-2024-6387 (regreSSHion) | https://github.com/shamo0/CVE-2024-6387_PoC | POC详情 |
| 30 | CVE-2024-6387-nmap | https://github.com/paradessia/CVE-2024-6387-nmap | POC详情 |
| 31 | This Go program scans targets for CVE-2024-6387 in OpenSSH, categorizing servers by vulnerability status and port availability. | https://github.com/SecWithMoh/CVE-2024-6387 | POC详情 |
| 32 | Private x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.in | https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit | POC详情 |
| 33 | None | https://github.com/k4t3pr0/CVE-2024-6387-POC | POC详情 |
| 34 | An Ansible Playbook to mitigate the risk of RCE (CVE-2024-6387) until platforms update OpenSSH to a non-vulnerable version. | https://github.com/DanWiseProgramming/CVE-2024-6387-Mitigation-Ansible-Playbook | POC详情 |
| 35 | openssh-cve-2024-6387.sh | https://github.com/rumochnaya/openssh-cve-2024-6387.sh | POC详情 |
| 36 | Mitigation Guide for CVE-2024-6387 in OpenSSH | https://github.com/zenzue/CVE-2024-6387-Mitigation | POC详情 |
| 37 | None | https://github.com/devarshishimpi/CVE-2024-6387-Check | POC详情 |
| 38 | cve-2024-6387_AImade | https://github.com/hssmo/cve-2024-6387_AImade | POC详情 |
| 39 | None | https://github.com/ACHUX21/checker-CVE-2024-6387 | POC详情 |
| 40 | CVE-2024-6387 with auto ip scanner and auto expliot | https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 | POC详情 |
| 41 | A bash script for nmap to scan for vulnerable machines in regards to the latest CVE-2024-6387 | https://github.com/xristos8574/regreSSHion-nmap-scanner | POC详情 |
| 42 | CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems. | https://github.com/xonoxitron/regreSSHion | POC详情 |
| 43 | 开箱即用的AK47 | https://github.com/no-one-sec/CVE-2024-6387 | POC详情 |
| 44 | None | https://github.com/dawnl3ss/CVE-2024-6387 | POC详情 |
| 45 | None | https://github.com/MrR0b0t19/CVE-2024-6387-Exploit-POC | POC详情 |
| 46 | CVE-2024-6387 : Vulnerability Detection tool for regreSSHion Remote Unauthenticated Code Execution in OpenSSH Server | https://github.com/th3gokul/CVE-2024-6387 | POC详情 |
| 47 | Test_CVE-2024-6387 is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH | https://github.com/n1cks0n/Test_CVE-2024-6387 | POC详情 |
| 48 | PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | https://github.com/l0n3m4n/CVE-2024-6387 | POC详情 |
| 49 | CVE-2024-6387-Check is a streamlined and efficient tool created to detect servers operating on vulnerable versions of OpenSSH. | https://github.com/RickGeex/CVE-2024-6387-Checker | POC详情 |
| 50 | Quickly identifies servers vulnerable to OpenSSH 'regreSSHion' (CVE-2024-6387). | https://github.com/xonoxitron/regreSSHion-checker | POC详情 |
| 51 | None | https://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template | POC详情 |
| 52 | None | https://github.com/edsonjt81/CVE-2024-6387_Check | POC详情 |
| 53 | None | https://github.com/EkaterinaMarchetti/CVE-2024-6387-regreSSHion-Checker | POC详情 |
| 54 | regreSSHion vulnerability in OpenSSH CVE-2024-6387 Testing Script | https://github.com/grupooruss/CVE-2024-6387-Tester | POC详情 |
| 55 | None | https://github.com/CognisysGroup/CVE-2024-6387-Checker | POC详情 |
| 56 | Targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. | https://github.com/sxlmnwb/CVE-2024-6387 | POC详情 |
| 57 | SSH Exploit for CVE-2024-6387 : RCE in OpenSSH's server, on glibc-based Linux systems | https://github.com/Symbolexe/CVE-2024-6387 | POC详情 |
| 58 | SentinelSSH is an advanced, high-performance SSH vulnerability scanner written in Go. It's specifically designed to detect the CVE-2024-6387 vulnerability in OpenSSH servers across various network environments. | https://github.com/harshinsecurity/sentinelssh | POC详情 |
| 59 | None | https://github.com/t3rry327/cve-2024-6387-poc | POC详情 |
| 60 | None | https://github.com/jocker2410/CVE-2024-6387_poc | POC详情 |
| 61 | CVE-2024-6387_Check 是一款轻量级、高效的工具,旨在识别运行易受攻击的 OpenSSH 版本的服务器,专门针对最近发现的regreSSHion漏洞 (CVE-2024-6387)。此脚本有助于快速扫描多个 IP 地址、域名和 CIDR 网络范围,以检测潜在漏洞并确保您的基础设施安全。 | https://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc | POC详情 |
| 62 | Welcome to the CVE-2024-6387 OpenSSH Vulnerability Checker repository! This project offers multiple scripts to check the installed version of OpenSSH on your system and determine if it is vulnerable to CVE-2024-6387. It supports various environments, including Ubuntu, Mac, and Windows. | https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker | POC详情 |
| 63 | None | https://github.com/sms2056/CVE-2024-6387 | POC详情 |
| 64 | Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387 | https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- | POC详情 |
| 65 | None | https://github.com/lala-amber/CVE-2024-6387 | POC详情 |
| 66 | rewrited SSH Exploit for CVE-2024-6387 (regreSSHion) | https://github.com/4lxprime/regreSSHive | POC详情 |
| 67 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | https://github.com/sardine-web/CVE-2024-6387_Check | POC详情 |
| 68 | HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion). | https://github.com/0x4D31/cve-2024-6387_hassh | POC详情 |
| 69 | CVE-2024-6387-Check es una herramienta ligera y eficiente diseñada para identificar servidores que ejecutan versiones vulnerables de OpenSSH, específicamente el fallo de seguridad conocido como regreSSHion (CVE-2024-6387). Este script facilita el análisis rápido de múltiples direcciones IP, nombres de dominio y rangos de red CIDR. | https://github.com/Segurmatica/CVE-2024-6387-CHECK | POC详情 |
| 70 | Quick regreSSHion checker (based on software version) for nuclei CVE-2024-6387 | https://github.com/sardine-web/CVE-2024-6387-template | POC详情 |
| 71 | None | https://github.com/imv7/CVE-2024-6387 | POC详情 |
| 72 | CVE-2024-6387 SSH finder | https://github.com/SiberianHacker/CVE-2024-6387-Finder | POC详情 |
| 73 | Correção e Atualização do OpenSSH para CVE-2024-6387 | https://github.com/dgicloud/patch_regreSSHion | POC详情 |
| 74 | Vulnerability remediation and mitigationCVE-2024-6387 | https://github.com/azurejoga/CVE-2024-6387-how-to-fix | POC详情 |
| 75 | regreSSHion vulnerability in OpenSSH CVE-2024-6387 Testing Script | https://github.com/grupooruss/CVE-2024-6387 | POC详情 |
| 76 | Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | https://github.com/asterictnl-lvdw/CVE-2024-6387 | POC详情 |
| 77 | Chef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387 | https://github.com/vkaushik-chef/regreSSHion | POC详情 |
| 78 | None | https://github.com/dgourillon/mitigate-CVE-2024-6387 | POC详情 |
| 79 | None | https://github.com/mrmtwoj/CVE-2024-6387 | POC详情 |
| 80 | This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file. | https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker | POC详情 |
| 81 | This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability | https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker | POC详情 |
| 82 | None | https://github.com/DimaMend/cve-2024-6387-poc | POC详情 |
| 83 | Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2024-6409, CVE-2006-5051, CVE-2008-4109, and 16 other CVEs. | https://github.com/bigb0x/SSH-Scanner | POC详情 |
| 84 | CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH. | https://github.com/ThemeHackers/CVE-2024-6387 | POC详情 |
| 85 | OpenSSH vulnerability CVE-2024-6387 | https://github.com/Sibijo/mitigate_ssh | POC详情 |
| 86 | Fix for regreSSHion CVE-2024-6387 for Ubuntu and Debian | https://github.com/Passyed/regreSSHion-Fix | POC详情 |
| 87 | Lỗ hổng thực thi mã không được xác thực từ xa trong máy chủ OpenSSH | https://github.com/k4t3pr0/CVE-2024-6387-Check | POC详情 |
| 88 | Script to address CVE-2024-6387 by changing the LoginGraceTime in sshd. | https://github.com/liqhtnd/sshd-logingracetime0 | POC详情 |
| 89 | OpenSSH a publié un avis de sécurité concernant la vulnérabilité critique CVE-2024-6387. Cette vulnérabilité permet à un attaquant non authentifié d'exécuter du code arbitraire | https://github.com/Jhonsonwannaa/CVE-2024-6387 | POC详情 |
| 90 | OpenSSH RCE Massive Vulnerable Scanner | https://github.com/ThatNotEasy/CVE-2024-6387 | POC详情 |
| 91 | None | https://github.com/W1hithat/CVE-2024-6387 | POC详情 |
| 92 | None | https://github.com/prelearn-code/CVE-2024-6387 | POC详情 |
| 93 | proof of concept python script for regreSSHion exploit | https://github.com/l-urk/CVE-2024-6387 | POC详情 |
| 94 | An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server | https://github.com/alex14324/ssh_poc2024 | POC详情 |
| 95 | Proof of concept python script for regreSSHion exploit. Version 0.1.0. | https://github.com/l-urk/CVE-2024-6387-L | POC详情 |
| 96 | CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH. | https://github.com/niktoproject/CVE-202406387_Check.py | POC详情 |
| 97 | None | https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH | POC详情 |
| 98 | A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems against potential remote code execution risks associated with affected OpenSSH versions. | https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix | POC详情 |
| 99 | This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file. | https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker | POC详情 |
| 100 | In an era where digital security is crucial, a new vulnerability in OpenSSH, identified as CVE-2024-6387, has drawn the attention of system administrators and security professionals worldwide. Named "regreSSHion," this severe security flaw allows remote code execution (RCE) and could significant threat to the integrity of vulnerable systems. | https://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387 | POC详情 |
| 101 | An Ansible Playbook to mitigate the risk of RCE (CVE-2024-6387) until platforms update OpenSSH to a non-vulnerable version. | https://github.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-Playbook | POC详情 |
| 102 | OpenSSH a publié un avis de sécurité concernant la vulnérabilité critique CVE-2024-6387. Cette vulnérabilité permet à un attaquant non authentifié d'exécuter du code arbitraire | https://github.com/dream434/CVE-2024-6387 | POC详情 |
| 103 | None | https://github.com/skysaints/CVE-2024-6387-POC | POC详情 |
| 104 | None | https://github.com/skyalliance/CVE-2024-6387-POC | POC详情 |
| 105 | None | https://github.com/YassDEV221608/CVE-2024-6387 | POC详情 |
| 106 | Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | https://github.com/oxapavan/CVE-2024-6387 | POC详情 |
| 107 | None | https://github.com/zql-gif/CVE-2024-6387 | POC详情 |
| 108 | test code for cve-2024-6387 | https://github.com/awusan125/test_for6387 | POC详情 |
| 109 | CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH. | https://github.com/anhvutuan/CVE-2024-6387-poc-1 | POC详情 |
| 110 | None | https://github.com/YassDEV221608/CVE-2024-6387_PoC | POC详情 |
| 111 | Script to address CVE-2024-6387 by changing the LoginGraceTime in sshd. | https://github.com/liqhtnd/sshd-logingracetime | POC详情 |
| 112 | This is an altered PoC for d0rb/CVE-2024-6387. This takes glibc addresses and trys to exploit the CVE through them. | https://github.com/AzrDll/CVE-2024-6387 | POC详情 |
| 113 | None | https://github.com/SkyGodling/CVE-2024-6387-POC | POC详情 |
| 114 | Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | https://github.com/Karmakstylez/CVE-2024-6387 | POC详情 |
| 115 | SSH RCE PoC CVE-2024-6387 | https://github.com/AiK1d/CVE-2024-6387 | POC详情 |
| 116 | OpenSSH vulnerability CVE-2024-6387 | https://github.com/redux-sibi-jose/mitigate_ssh | POC详情 |
三、漏洞 CVE-2024-6387 的情报信息
- http://www.openwall.com/lists/oss-security/2024/07/08/2
- http://www.openwall.com/lists/oss-security/2024/07/10/3
- http://www.openwall.com/lists/oss-security/2024/07/10/2
- http://www.openwall.com/lists/oss-security/2024/07/10/1
- http://www.openwall.com/lists/oss-security/2024/07/09/5
- http://www.openwall.com/lists/oss-security/2024/07/09/2
- https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/
- https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
- http://www.openwall.com/lists/oss-security/2024/07/08/3
- http://www.openwall.com/lists/oss-security/2024/07/10/4
- https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132
-
标题: regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability | Splunk -- 🔗来源链接
标签:
- https://sig-security.rocky.page/issues/CVE-2024-6387/
- http://www.openwall.com/lists/oss-security/2024/07/04/2
- https://github.com/microsoft/azurelinux/issues/9555
- https://access.redhat.com/security/cve/CVE-2024-6387 vdb-entry x_refsource_REDHAT
- https://github.com/PowerShell/Win32-OpenSSH/discussions/2248
- https://github.com/Azure/AKS/issues/4379
- http://www.openwall.com/lists/oss-security/2024/07/28/2
- http://seclists.org/fulldisclosure/2024/Jul/19
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/20
- https://support.apple.com/kb/HT214120
- https://support.apple.com/kb/HT214118
- https://support.apple.com/kb/HT214119
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
- http://www.openwall.com/lists/oss-security/2024/07/28/3
- https://github.com/PowerShell/Win32-OpenSSH/issues/2249
- http://www.openwall.com/lists/oss-security/2024/07/23/6
- http://www.openwall.com/lists/oss-security/2024/07/23/4
-
标题: Security Advisory 0100 - Arista -- 🔗来源链接
标签:
- http://www.openwall.com/lists/oss-security/2024/07/11/3
- http://www.openwall.com/lists/oss-security/2024/07/11/1
- https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09
- http://www.openwall.com/lists/oss-security/2024/07/10/6
- https://www.openssh.com/txt/release-9.8
- https://github.com/rapier1/hpn-ssh/issues/87
- https://github.com/oracle/oracle-linux/issues/149
- https://security-tracker.debian.org/tracker/CVE-2024-6387
- https://news.ycombinator.com/item?id=40843778
-
标题: Nasty regreSSHion bug affects around 700K Linux systems • The Register -- 🔗来源链接
标签:
- https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
- https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
- https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/
- https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
- https://explore.alas.aws.amazon.com/CVE-2024-6387.html
-
标题: CVE-2024-6387 Common Vulnerabilities and Exposures | SUSE -- 🔗来源链接
标签:
- https://ubuntu.com/security/notices/USN-6859-1
- https://ubuntu.com/security/CVE-2024-6387
- https://github.com/zgzhang/cve-2024-6387-poc
- http://www.openwall.com/lists/oss-security/2024/07/01/12
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010
- http://www.openwall.com/lists/oss-security/2024/07/01/13
- https://security.netapp.com/advisory/ntap-20240701-0001/
- http://www.openwall.com/lists/oss-security/2024/07/02/1
- https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc
- https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/
- https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
- https://github.com/AlmaLinux/updates/issues/629
- http://www.openwall.com/lists/oss-security/2024/07/04/1
- http://www.openwall.com/lists/oss-security/2024/07/03/11
- http://www.openwall.com/lists/oss-security/2024/07/03/5
- http://www.openwall.com/lists/oss-security/2024/07/03/2
- http://www.openwall.com/lists/oss-security/2024/07/03/1
- http://www.openwall.com/lists/oss-security/2024/07/03/3
- http://www.openwall.com/lists/oss-security/2024/07/03/4
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4340 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4474 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4484 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4479 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4312 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4469 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2024:4389 vendor-advisory x_refsource_REDHAT
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387