CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 99.1%

A security regression (CVE-2006-5051) was discovered in OpenSSH’s server
(sshd). There is a race condition which can lead sshd to handle some
signals in an unsafe manner. An unauthenticated, remote attacker may be
able to trigger it by failing to authenticate within a set time period.

Priority reason: Potential remote code execution

Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
sbeattie | Introduced in upstream commit 752250caa (“upstream: revised log infrastructure for OpenSSH”, 2020-10-16) (v8.5p1); essentially a regression of CVE-2006-5051. Because of a quirk of the 24.04/noble patch to allow systemd socket activation, it is believed that that release is not vulnerable to the exploitation approach taken by Qualys. https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/systemd-socket-activation.patch |

launchpad.net/bugs/cve/CVE-2024-6387
nvd.nist.gov/vuln/detail/CVE-2024-6387
security-tracker.debian.org/tracker/CVE-2024-6387
ubuntu.com/blog/ubuntu-regresshion-security-fix
ubuntu.com/security/notices/USN-6859-1
www.cve.org/CVERecord?id=CVE-2024-6387
www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt