Lucene search

F5F5:K000140222

HistoryJul 01, 2024 - 12:00 a.m.

K000140222: OpenSSH server vulnerability CVE-2024-6387

2024-07-0100:00:00

my.f5.com

openssh

server

vulnerability

signal handler

race condition

ssh

authentication

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.3%

JSON

Security Advisory Description

A signal handler race condition was found in OpenSSH’s server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). (CVE-2024-6387)

Impact

For products with Nonein the Versions known to be vulnerable column, there is no impact.

For products with ****** in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue.

Affected configurations

Vulners

Node

f5big-ip_nextMatch20.1.0

f5big-ip_nextMatch20.1.1

f5big-ip_nextMatch20.2.0

f5big-ip_nextMatch1.1.0

f5big-ip_nextMatch1.1.1

f5big-ip_nextMatch1.2.0

f5big-ip_nextMatch1.2.1

f5big-ip_nextMatch1.3.0

f5big-ip_dnsMatch1.1.0

f5big-ip_dnsMatch1.1.1

f5big-ip_dnsMatch1.2.0

f5big-ip_dnsMatch1.2.1

f5big-ip_dnsMatch1.3.0

f5big-ip_nextMatch1.1.0

f5big-ip_nextMatch1.1.1

f5big-ip_nextMatch1.2.0

f5big-ip_nextMatch1.2.1

f5big-ip_nextMatch1.3.0

f5big-ip_ltmMatch20.1.0

f5big-ip_ltmMatch20.2.0

f5big-ip_nextMatch1.5.0

f5big-ip_nextMatch1.6.0

f5big-ip_nextMatch1.7.0

f5big-ip_nextMatch1.7.1

f5big-ip_nextMatch1.7.2

f5big-ip_nextMatch1.7.3

f5big-ip_nextMatch1.7.4

f5big-ip_nextMatch1.7.5

f5big-ip_nextMatch1.7.6

f5big-ip_nextMatch1.7.7

f5big-ip_nextMatch1.7.8

f5big-ip_nextMatch1.8.0

f5big-ip_nextMatch1.8.2

f5big-ip_nextMatch1.9.0

f5big-ip_nextMatch1.9.1

f5big-ip_nextMatch1.9.2

f5big-ip_nextMatch20.1.0

f5big-ip_nextMatch20.2.0

f5big-ipMatch15.1.0

f5big-ipMatch15.1.1

f5big-ipMatch15.1.10

f5big-ipMatch15.1.2

f5big-ipMatch15.1.3

f5big-ipMatch15.1.4

f5big-ipMatch15.1.5

f5big-ipMatch15.1.6

f5big-ipMatch15.1.7

f5big-ipMatch15.1.8

f5big-ipMatch15.1.9

f5big-ip_afmMatch15.1.0

f5big-ip_afmMatch15.1.1

f5big-ip_afmMatch15.1.10

f5big-ip_afmMatch15.1.2

f5big-ip_afmMatch15.1.3

f5big-ip_afmMatch15.1.4

f5big-ip_afmMatch15.1.5

f5big-ip_afmMatch15.1.6

f5big-ip_afmMatch15.1.7

f5big-ip_afmMatch15.1.8

f5big-ip_afmMatch15.1.9

f5big-ip_afmMatch16.1.0

f5big-ip_afmMatch16.1.1

f5big-ip_afmMatch16.1.2

f5big-ip_afmMatch16.1.3

f5big-ip_afmMatch16.1.4

f5big-ip_afmMatch17.1.0

f5big-ip_afmMatch17.1.1

f5big-ip_analyticsMatch15.1.0

f5big-ip_analyticsMatch15.1.1

f5big-ip_analyticsMatch15.1.10

f5big-ip_analyticsMatch15.1.2

f5big-ip_analyticsMatch15.1.3

f5big-ip_analyticsMatch15.1.4

f5big-ip_analyticsMatch15.1.5

f5big-ip_analyticsMatch15.1.6

f5big-ip_analyticsMatch15.1.7

f5big-ip_analyticsMatch15.1.8

f5big-ip_analyticsMatch15.1.9

f5big-ip_analyticsMatch16.1.0

f5big-ip_analyticsMatch16.1.1

f5big-ip_analyticsMatch16.1.2

f5big-ip_analyticsMatch16.1.3

f5big-ip_analyticsMatch16.1.4

f5big-ip_analyticsMatch17.1.0

f5big-ip_analyticsMatch17.1.1

f5big-ip_apmMatch15.1.0

f5big-ip_apmMatch15.1.1

f5big-ip_apmMatch15.1.10

f5big-ip_apmMatch15.1.2

f5big-ip_apmMatch15.1.3

f5big-ip_apmMatch15.1.4

f5big-ip_apmMatch15.1.5

f5big-ip_apmMatch15.1.6

f5big-ip_apmMatch15.1.7

f5big-ip_apmMatch15.1.8

f5big-ip_apmMatch15.1.9

f5big-ip_apmMatch16.1.0

f5big-ip_apmMatch16.1.1

f5big-ip_apmMatch16.1.2

f5big-ip_apmMatch16.1.3

f5big-ip_apmMatch16.1.4

f5big-ip_apmMatch17.1.0

f5big-ip_apmMatch17.1.1

f5big-ip_asmMatch15.1.0

f5big-ip_asmMatch15.1.1

f5big-ip_asmMatch15.1.10

f5big-ip_asmMatch15.1.2

f5big-ip_asmMatch15.1.3

f5big-ip_asmMatch15.1.4

f5big-ip_asmMatch15.1.5

f5big-ip_asmMatch15.1.6

f5big-ip_asmMatch15.1.7

f5big-ip_asmMatch15.1.8

f5big-ip_asmMatch15.1.9

f5big-ip_asmMatch16.1.0

f5big-ip_asmMatch16.1.1

f5big-ip_asmMatch16.1.2

f5big-ip_asmMatch16.1.3

f5big-ip_asmMatch16.1.4

f5big-ip_asmMatch17.1.0

f5big-ip_asmMatch17.1.1

f5big-ip_dnsMatch15.1.0

f5big-ip_dnsMatch15.1.1

f5big-ip_dnsMatch15.1.10

f5big-ip_dnsMatch15.1.2

f5big-ip_dnsMatch15.1.3

f5big-ip_dnsMatch15.1.4

f5big-ip_dnsMatch15.1.5

f5big-ip_dnsMatch15.1.6

f5big-ip_dnsMatch15.1.7

f5big-ip_dnsMatch15.1.8

f5big-ip_dnsMatch15.1.9

f5big-ip_dnsMatch16.1.0

f5big-ip_dnsMatch16.1.1

f5big-ip_dnsMatch16.1.2

f5big-ip_dnsMatch16.1.3

f5big-ip_dnsMatch16.1.4

f5big-ip_dnsMatch17.1.0

f5big-ip_dnsMatch17.1.1

f5big-ipMatch15.1.0

f5big-ipMatch15.1.1

f5big-ipMatch15.1.10

f5big-ipMatch15.1.2

f5big-ipMatch15.1.3

f5big-ipMatch15.1.4

f5big-ipMatch15.1.5

f5big-ipMatch15.1.6

f5big-ipMatch15.1.7

f5big-ipMatch15.1.8

f5big-ipMatch15.1.9

f5big-ipMatch16.1.0

f5big-ipMatch16.1.1

f5big-ipMatch16.1.2

f5big-ipMatch16.1.3

f5big-ipMatch16.1.4

f5big-ipMatch17.1.0

f5big-ipMatch17.1.1

f5big-ip_link_controllerMatch15.1.0

f5big-ip_link_controllerMatch15.1.1

f5big-ip_link_controllerMatch15.1.10

f5big-ip_link_controllerMatch15.1.2

f5big-ip_link_controllerMatch15.1.3

f5big-ip_link_controllerMatch15.1.4

f5big-ip_link_controllerMatch15.1.5

f5big-ip_link_controllerMatch15.1.6

f5big-ip_link_controllerMatch15.1.7

f5big-ip_link_controllerMatch15.1.8

f5big-ip_link_controllerMatch15.1.9

f5big-ip_link_controllerMatch16.1.0

f5big-ip_link_controllerMatch16.1.1

f5big-ip_link_controllerMatch16.1.2

f5big-ip_link_controllerMatch16.1.3

f5big-ip_link_controllerMatch16.1.4

f5big-ip_link_controllerMatch17.1.0

f5big-ip_link_controllerMatch17.1.1

f5big-ip_ltmMatch15.1.0

f5big-ip_ltmMatch15.1.1

f5big-ip_ltmMatch15.1.10

f5big-ip_ltmMatch15.1.2

f5big-ip_ltmMatch15.1.3

f5big-ip_ltmMatch15.1.4

f5big-ip_ltmMatch15.1.5

f5big-ip_ltmMatch15.1.6

f5big-ip_ltmMatch15.1.7

f5big-ip_ltmMatch15.1.8

f5big-ip_ltmMatch15.1.9

f5big-ip_ltmMatch16.1.0

f5big-ip_ltmMatch16.1.1

f5big-ip_ltmMatch16.1.2

f5big-ip_ltmMatch16.1.3

f5big-ip_ltmMatch16.1.4

f5big-ip_ltmMatch17.1.0

f5big-ip_ltmMatch17.1.1

f5big-ip_pemMatch15.1.0

f5big-ip_pemMatch15.1.1

f5big-ip_pemMatch15.1.10

f5big-ip_pemMatch15.1.2

f5big-ip_pemMatch15.1.3

f5big-ip_pemMatch15.1.4

f5big-ip_pemMatch15.1.5

f5big-ip_pemMatch15.1.6

f5big-ip_pemMatch15.1.7

f5big-ip_pemMatch15.1.8

f5big-ip_pemMatch15.1.9

f5big-ip_pemMatch16.1.0

f5big-ip_pemMatch16.1.1

f5big-ip_pemMatch16.1.2

f5big-ip_pemMatch16.1.3

f5big-ip_pemMatch16.1.4

f5big-ip_pemMatch17.1.0

f5big-ip_pemMatch17.1.1

f5nginx_agentMatch2.17.0

f5nginx_agentMatch2.18.0

f5nginx_agentMatch2.19.0

f5nginx_agentMatch2.20.0

f5nginx_agentMatch2.20.1

f5nginx_agentMatch2.22.0

f5nginx_agentMatch2.22.1

f5nginx_agentMatch2.23.0

f5nginx_agentMatch2.23.1

f5nginx_agentMatch2.23.2

f5nginx_agentMatch2.23.3

f5nginx_agentMatch2.24.0

f5nginx_agentMatch2.24.1

f5nginx_agentMatch2.25.0

f5nginx_agentMatch2.25.1

f5nginx_agentMatch2.26.0

f5nginx_agentMatch2.26.1

f5nginx_agentMatch2.26.2

f5nginx_agentMatch2.27.0

f5nginx_agentMatch2.28.0

f5nginx_agentMatch2.28.1

f5nginx_agentMatch2.29.0

f5nginx_agentMatch2.30.0

f5nginx_agentMatch2.30.1

f5nginx_agentMatch2.30.2

f5nginx_agentMatch2.30.3

f5nginx_agentMatch2.31.0

f5nginx_agentMatch2.31.1

f5nginx_agentMatch2.31.2

f5nginx_agentMatch2.32.0

f5nginx_agentMatch2.32.1

f5nginx_agentMatch2.32.2

f5nginx_agentMatch2.33.0

f5nginx_agentMatch2.34.0

f5nginx_agentMatch2.34.1

f5nginx_agentMatch2.35.0

f5nginx_agentMatch2.35.1

f5nginx_api_connectivity_managerMatch1.0.0

f5nginx_api_connectivity_managerMatch1.1.0

f5nginx_api_connectivity_managerMatch1.1.1

f5nginx_api_connectivity_managerMatch1.2.0

f5nginx_api_connectivity_managerMatch1.3.0

f5nginx_api_connectivity_managerMatch1.3.1

f5nginx_api_connectivity_managerMatch1.4.0

f5nginx_api_connectivity_managerMatch1.4.1

f5nginx_api_connectivity_managerMatch1.5.0

f5nginx_api_connectivity_managerMatch1.6.0

f5nginx_api_connectivity_managerMatch1.7.0

f5nginx_api_connectivity_managerMatch1.8.0

f5nginx_api_connectivity_managerMatch1.9.0

f5nginx_api_connectivity_managerMatch1.9.1

f5nginx_api_connectivity_managerMatch1.9.2

f5nginx_app_protectMatch2.4.0

f5nginx_app_protectMatch3.0.0

f5nginx_app_protectMatch3.1.0

f5nginx_app_protectMatch4.0.1

f5nginx_app_protectMatch4.1.0

f5nginx_app_protectMatch4.2.0

f5nginx_app_protectMatch4.3.0

f5nginx_app_protectMatch4.4.0

f5nginx_app_protectMatch3.11.0

f5nginx_app_protectMatch3.12.1

f5nginx_app_protectMatch3.12.2

f5nginx_app_protectMatch4.0.0

f5nginx_app_protectMatch4.1.0

f5nginx_app_protectMatch4.10.0

f5nginx_app_protectMatch4.2.0

f5nginx_app_protectMatch4.3.0

f5nginx_app_protectMatch4.4.0

f5nginx_app_protectMatch4.5.0

f5nginx_app_protectMatch4.6.0

f5nginx_app_protectMatch4.7.0

f5nginx_app_protectMatch4.8.0

f5nginx_app_protectMatch4.8.1

f5nginx_app_protectMatch4.9.0

f5nginx_app_protectMatch5.0.0

f5nginx_app_protectMatch5.1.0

f5nginx_app_protectMatch5.2.0

f5nginx_controllerMatch3.18.3

f5nginx_controllerMatch3.19.1-apim

f5nginx_controllerMatch3.19.2-apim

f5nginx_controllerMatch3.19.3-apim

f5nginx_controllerMatch3.19.4-apim

f5nginx_controllerMatch3.19.5-apim

f5nginx_controllerMatch3.19.6-apim

f5nginx_controllerMatch3.20.0

f5nginx_controllerMatch3.20.1

f5nginx_controllerMatch3.21.0

f5nginx_controllerMatch3.22.0

f5nginx_controllerMatch3.22.1

f5nginx_controllerMatch3.22.2

f5nginx_controllerMatch3.22.3

f5nginx_controllerMatch3.22.4

f5nginx_controllerMatch3.22.5

f5nginx_controllerMatch3.22.6

f5nginx_controllerMatch3.22.7

f5nginx_controllerMatch3.22.8

f5nginx_controllerMatch3.22.9

f5nginx_ingress_controllerMatch1.12.5

f5nginx_ingress_controllerMatch2.2.1

f5nginx_ingress_controllerMatch2.2.2

f5nginx_ingress_controllerMatch2.3.0

f5nginx_ingress_controllerMatch2.4.0

f5nginx_ingress_controllerMatch2.4.1

f5nginx_ingress_controllerMatch2.4.2

f5nginx_ingress_controllerMatch3.0.0

f5nginx_ingress_controllerMatch3.0.1

f5nginx_ingress_controllerMatch3.0.2

f5nginx_ingress_controllerMatch3.1.0

f5nginx_ingress_controllerMatch3.1.1

f5nginx_ingress_controllerMatch3.2.0

f5nginx_ingress_controllerMatch3.2.1

f5nginx_ingress_controllerMatch3.3.0

f5nginx_ingress_controllerMatch3.3.1

f5nginx_ingress_controllerMatch3.4.0

f5nginx_ingress_controllerMatch3.4.1

f5nginx_ingress_controllerMatch3.4.2

f5nginx_ingress_controllerMatch3.5.0

f5nginx_ingress_controllerMatch3.5.1

f5nginx_ingress_controllerMatch3.5.2

f5nginx_ingress_controllerMatch3.6.0

f5nginx_instance_managerMatch2.10.0

f5nginx_instance_managerMatch2.10.1

f5nginx_instance_managerMatch2.11.0

f5nginx_instance_managerMatch2.12.0

f5nginx_instance_managerMatch2.13.0

f5nginx_instance_managerMatch2.13.1

f5nginx_instance_managerMatch2.14.0

f5nginx_instance_managerMatch2.14.1

f5nginx_instance_managerMatch2.15.0

f5nginx_instance_managerMatch2.15.1

f5nginx_instance_managerMatch2.16.0

f5nginx_instance_managerMatch2.2.0

f5nginx_instance_managerMatch2.3.0

f5nginx_instance_managerMatch2.3.1

f5nginx_instance_managerMatch2.4.0

f5nginx_instance_managerMatch2.5.0

f5nginx_instance_managerMatch2.5.1

f5nginx_instance_managerMatch2.6.0

f5nginx_instance_managerMatch2.7.0

f5nginx_instance_managerMatch2.8.0

f5nginx_instance_managerMatch2.9.0

f5nginx_instance_managerMatch2.9.1

f5nginx_security_monitoringMatch1.0.0

f5nginx_security_monitoringMatch1.1.0

f5nginx_security_monitoringMatch1.2.0

f5nginx_security_monitoringMatch1.3.0

f5nginx_security_monitoringMatch1.4.0

f5nginx_security_monitoringMatch1.5.0

f5nginx_security_monitoringMatch1.6.0

f5nginx_security_monitoringMatch1.7.0

f5nginx_security_monitoringMatch1.7.1

f5nginxMatchr27plus

f5nginxMatchr28plus

f5nginxMatchr29plus

f5nginxMatchr30plus

f5nginxMatchr31plus

f5nginxMatchr32plus

f5nginx_service_meshMatch1.1.0

f5nginx_service_meshMatch1.2.0

f5nginx_service_meshMatch1.2.1

f5nginx_service_meshMatch1.3.0

f5nginx_service_meshMatch1.3.1

f5nginx_service_meshMatch1.4.0

f5nginx_service_meshMatch1.4.1

f5nginx_service_meshMatch1.5.0

f5nginx_service_meshMatch1.6.0

f5nginx_service_meshMatch1.7.0

f5nginx_service_meshMatch2.0.0

f5nginxMatch1.27.0

f5nginxMatch1.28.0

f5nginxMatch1.29.0

f5nginxMatch1.29.1

f5nginxMatch1.30.0

f5nginxMatch1.31.0

f5nginxMatch1.31.1

f5nginxMatch1.32.0

f5nginxMatch1.32.1

f5f5os-aMatch1.5.1

f5f5os-aMatch1.5.2

f5f5os-aMatch1.7.0

f5f5os-cMatch1.6.0

f5f5os-cMatch1.6.1

f5f5os-cMatch1.6.2

f5big-iq_centralized_managementMatch8.2.0

f5big-iq_centralized_managementMatch8.3.0

f5big-ip_ddos_hybrid_defenderMatch15.1.0

f5big-ip_ddos_hybrid_defenderMatch15.1.1

f5big-ip_ddos_hybrid_defenderMatch16.1.0

f5big-ip_ddos_hybrid_defenderMatch17.1.0

f5ssl_orchestratorMatch15.1.0

f5ssl_orchestratorMatch15.1.1

f5ssl_orchestratorMatch15.1.2

f5ssl_orchestratorMatch15.1.9

f5ssl_orchestratorMatch16.1.0

f5ssl_orchestratorMatch16.1.1

f5ssl_orchestratorMatch16.1.3

f5ssl_orchestratorMatch16.1.4

f5ssl_orchestratorMatch17.1.0

f5ssl_orchestratorMatch17.1.1

f5traffix_signaling_delivery_controllerMatch5.1.0

f5traffix_signaling_delivery_controllerMatch5.2.0

CPENameOperatorVersion
big-ip next central managereq20.1.0
big-ip next central managereq20.1.1
big-ip next central managereq20.2.0
big-ip next cgnat cnfeq1.1.0
big-ip next cgnat cnfeq1.1.1
big-ip next cgnat cnfeq1.2.0
big-ip next cgnat cnfeq1.2.1
big-ip next cgnat cnfeq1.3.0
big-ip next dns cnfeq1.1.0
big-ip next dns cnfeq1.1.1

Name	Operator	Version
big-ip next central manager	eq	20.1.0
big-ip next central manager	eq	20.1.1
big-ip next central manager	eq	20.2.0
big-ip next cgnat cnf	eq	1.1.0
big-ip next cgnat cnf	eq	1.1.1
big-ip next cgnat cnf	eq	1.2.0
big-ip next cgnat cnf	eq	1.2.1
big-ip next cgnat cnf	eq	1.3.0
big-ip next dns cnf	eq	1.1.0
big-ip next dns cnf	eq	1.1.1