Unmasking CVE-2024-6387: The Critical OpenSSH Flaw Exposing Servers to Remote Attacks
CVE-2024-6387 is a critical security vulnerability identified in the OpenSSH server (sshd). This vulnerability, classified as a Remote Code Execution (RCE) flaw, enables unauthenticated attackers to execute arbitrary code on affected systems. The exploit takes advantage of a previously unknown weakness in the sshd service, allowing remote attackers to gain full control over the target server without requiring valid authentication credentials. The discovery of this vulnerability highlights the ongoing need for vigilance and timely patching in maintaining the security of critical network services. This advisory outlines the nature of the vulnerability and the affected products, and provides guidance on mitigation strategies to safeguard against potential attacks.
What is Remote Unauthenticated Code Execution Vulnerability in OpenSSH server?
A security regression (CVE-2024-6387) was found in OpenSSH’s server (sshd). This issue arises from a race condition that causes sshd to handle certain signals unsafely. A remote attacker, without authentication, might exploit this by failing to authenticate within a specified time frame. The Qualys Threat Research Unit (TRU) discovered an unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. This marks the first OpenSSH vulnerability in nearly twenty years and allows an unauthenticated RCE that provides full root access. The vulnerability affects the default configuration and requires no user interaction, representing a significant exploit risk.
What is affected?
OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109. Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure. Versions from 8.5p1 up to, but not including, 9.8p1 are vulnerable due to the accidental removal of a critical component in a function. OpenBSD systems
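The version ranges above can be turned into a triage check for SSH banners or `sshd -V` output collected from your own hosts. This is an added example, not code from the advisory or from OpenSSH; the function names, result labels and sample banners are constructed for illustration. A result in the 8.5p1 to 9.8p1 range still has to be checked against the distribution's package changelog, because distributions backport fixes without changing the upstream version string.

```python
import re

# Boundaries taken from the version ranges in the advisory text.
PATCHED_2006 = (4, 4)   # 4.4p1: patch for CVE-2006-5051 landed
REGRESSION = (8, 5)     # 8.5p1: regression introduced
FIXED = (9, 8)          # 9.8p1: first release outside the vulnerable range

# Matches "OpenSSH_8.9p1", "OpenSSH_9.8", "OpenSSH_4.3" inside a longer string.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(text):
    """Return (major, minor) from a banner or version string, or None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Map a banner to a triage label (labels are this example's own)."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"                    # not OpenSSH, or banner hidden
    if version < PATCHED_2006:
        return "vulnerable-unless-patched"  # needs CVE-2006-5051 / CVE-2008-4109 patches
    if version < REGRESSION:
        return "not-vulnerable"
    if version < FIXED:
        return "vulnerable-range"           # confirm against distro backports
    return "not-vulnerable"


def triage(banners):
    """Classify a {host: banner} inventory and return {host: label}."""
    return {host: classify(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    # Constructed sample inventory; replace with banners from your own hosts.
    sample = {
        "build-01": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
        "legacy-02": "SSH-2.0-OpenSSH_7.4",
        "edge-03": "SSH-2.0-OpenSSH_9.8",
        "old-04": "SSH-2.0-OpenSSH_4.3",
        "iot-05": "SSH-2.0-dropbear_2022.83",
    }
    for host, label in sorted(triage(sample).items()):
        print(f"{host}: {label}")
```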