regreSSHion (CVE-2024-6387)
What is regreSSHion (CVE-2024-6387)?
An unauthenticated remote code execution flaw in OpenSSH server caused by a signal handler race condition reachable before authentication.
regreSSHion is a critical OpenSSH vulnerability disclosed by Qualys in July 2024 and tracked as CVE-2024-6387. It reintroduces a previously fixed bug (CVE-2006-5051) in the sshd signal handler: when a client fails to authenticate within LoginGraceTime, sshd's SIGALRM handler runs asynchronously and calls functions that are not async-signal-safe, creating a race that can be turned into pre-auth remote code execution as root. Affected versions include OpenSSH 8.5p1 through 9.7p1 on glibc Linux. Practical exploitation is slow and noisy but viable on internet-facing servers. Mitigation is upgrading to 9.8p1 or later, or setting LoginGraceTime 0 as a temporary control.
● Examples
- 01: An internet-facing sshd on Debian 12 is exploited remotely after thousands of connection attempts to win the race.
- 02: Defenders set LoginGraceTime to 0 and rate-limit port 22 while rolling out the OpenSSH 9.8p1 update.
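A triage helper for the rollout described above, added here as an example and not taken from Qualys or the OpenSSH project: it checks an SSH identification string against the 8.5p1 to 9.7p1 range given on this page and reads the effective `logingracetime` from `sshd -T` output. The function names, verdict labels and sample inputs are constructed for illustration.

```python
import re

# Affected upstream range as stated on this page: 8.5p1 through 9.7p1.
AFFECTED_MIN, AFFECTED_MAX = (8, 5), (9, 7)
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")

def banner_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def grace_seconds(sshd_t_output, default=120):
    """Read logingracetime from `sshd -T` output (lowercase keys, seconds).

    120 is the OpenSSH default, used only if the key is missing."""
    for line in sshd_t_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return int(parts[1])
    return default

def triage(banner, sshd_t_output):
    """Classify one host (verdict labels are hypothetical).

    An in-range banner is a lead, not proof: distributions backport the fix
    without changing the upstream version, so confirm against the package
    changelog before reporting a host as vulnerable."""
    ver = banner_version(banner)
    if ver is None:
        return "unknown"
    if not (AFFECTED_MIN <= ver <= AFFECTED_MAX):
        return "outside-range"
    if grace_seconds(sshd_t_output) == 0:
        return "in-range-mitigated"   # temporary control from this page applied
    return "in-range-exposed"

if __name__ == "__main__":
    # Constructed sample inventory: (banner, sshd -T excerpt).
    hosts = {
        "web01": ("SSH-2.0-OpenSSH_9.2p1 Debian-2", "port 22\nlogingracetime 120\n"),
        "web02": ("SSH-2.0-OpenSSH_9.2p1 Debian-2", "port 22\nlogingracetime 0\n"),
        "bastion": ("SSH-2.0-OpenSSH_9.8p1", "port 22\nlogingracetime 120\n"),
    }
    for name, (banner, cfg) in hosts.items():
        print(f"{name}: {triage(banner, cfg)}")
```

With LoginGraceTime 0 sshd never times out unauthenticated connections, so stalled connections can fill the MaxStartups slots; keep the port 22 rate limit in place until the upgrade lands.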
● Frequently asked questions
What is regreSSHion (CVE-2024-6387)?
An unauthenticated remote code execution flaw in OpenSSH server caused by a signal handler race condition reachable before authentication. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against regreSSHion (CVE-2024-6387)?
Defences for regreSSHion (CVE-2024-6387) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for regreSSHion (CVE-2024-6387)?
Common alternative names include: CVE-2024-6387, OpenSSH signal handler race.
● Related terms
- Race Condition (vulnerabilities, № 895): A defect where the security or correctness of a system depends on the timing or ordering of concurrent operations, allowing attackers to interleave actions and bypass checks.
- Patch Management (defense-ops, № 802): The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.