RCE vulnerability in OpenSSH server

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2024-027 CVE-2024-6387 07/01/2024 medium v1

Vulnerability details

There is a race condition which can lead sshd to process certain signals in a dangerous way and result in remote execution of arbitrary code by an unidentified attacker.

Impacted products

ProductsSeverityDetail
Stormshield Management Center medium SMC is impacted

Revisions

Version Date Description
v1 07/05/2024 Initial release


Stormshield Management Center

CVSS v3.1 Overall Score: 6      

Analysis

Impacted version

This vulnerability allows an unauthenticated attacker to execute arbitrary code remotely with root privileges. The risk associated with this vulnerability is mitigated if the deployment recommendations for SMC, as describe in the installation guide, have been respected

  • SMC 3.0.0 to 3.5.4

Workaround solution

Solution

If your SMC is publicly accessible there is a temporary solution (until the new version of SMC is released) which is to change the value of LoginGraceTime to 0 in the sshd configuration file.

  • In SMC, edit /etc/ssh/sshd_config file
  • Uncomment and change LoginGraceTime value to 0
  • Save and restart sshd service ( nrestart sshd or /etc/init.d/sshd restart)

Warning

This workaround prevents remote execution of arbitrary code, but leaves the machine vulnerable to a remote denial of service.

A fix will be released soon



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network High None None Unchanged High Low Low
CVSS Base score: 7 CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Functional exploit exists Official fix Confirmed
CVSS Temporal score: 6.5 CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
Medium Low Low
CVSS Environmental score: 6 CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C/CR:M/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)