Bug 2294879 - CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
Summary: CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: rawhide
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Dmitry Belyavskiy
QA Contact: Fedora Extras Quality Assurance
URL: https://www.qualys.com/2024/07/01/cve...
Whiteboard:
Depends On: 2230781
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-01 09:54 UTC by Daniel Milnes
Modified: 2024-07-02 09:36 UTC (History)
12 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-07-02 09:36:52 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-1232 0 None None None 2024-07-01 09:54:59 UTC

Description Daniel Milnes 2024-07-01 09:54:10 UTC 
OpenSSH and Qualys have disclosed CVE-2024-6387, which is a race condition allowing for Remote Code Execution as Root in openssh-server.

OpenSSH estimate that 6-8 hours of bruteforcing against an ASLR-enabled 32-bit system would allow this vulnerability to be exploited. Exploits for 64-bit are currently still theoretical. I've raised this as urgent, although it could potentially be downgraded to High until the exploit is proven.

There are more details about this vulnerability on https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt 

This will be fixed by bug 2230781, which I will hopefully have a look at later today.

Reproducible: Always
Comment 1 Daniel Milnes 2024-07-01 10:35:16 UTC 
Freshly un-embargoed, this is also being tracked on bug 2294604.
Comment 2 Dmitry Belyavskiy 2024-07-02 09:36:52 UTC 
The fix has landed
Note You need to log in before you can comment on or make changes to this bug.