Last active
July 1, 2024 16:33
-
-
Save rkreddyp/15fd1594b0cf592128075dba33725481 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -H "Content-Type: application/json" -X POST https://vulns-cve-prod.transilienceapp.com/get_cve_info -d '{"cve_id":"CVE-2024-6387"}' | |
| [ | |
| { | |
| "vulnerable_products": "[{'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'Red Hat Enterprise Linux', 'vendor_software': 'OpenSSH (sshd)', 'operating_system': 'Linux', 'vendor_version': '6', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds.', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}, {'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'Red Hat Enterprise Linux', 'vendor_software': 'OpenSSH (sshd)', 'operating_system': 'Linux', 'vendor_version': '7', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds.', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}, {'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'Red Hat Enterprise Linux', 'vendor_software': 'OpenSSH (sshd)', 'operating_system': 'Linux', 'vendor_version': '8', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds.', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}, {'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'Red Hat Enterprise Linux', 'vendor_software': 'OpenSSH (sshd)', 'operating_system': 'Linux', 'vendor_version': '9', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds.', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}]", | |
| "remediations": "[{'remediation_deadline': 'NA', 'remediation_rationale': 'NA', 'remediation_version': 'NA', 'max_remediated_version': 'NA', 'min_remediated_version': 'NA', 'workaround': 'NA'}]", | |
| "asset.asset_description": "OpenSSH server (sshd)", | |
| "asset.asset_criticality": "NA", | |
| "asset.asset_criticality_reasoning": "NA", | |
| "asset.application": "OpenSSH server (sshd)", | |
| "asset.industry": "NA", | |
| "exploit.exploit_steps": "['Client does not authenticate within LoginGraceTime seconds.', \"sshd's SIGALRM handler is called asynchronously.\", 'The signal handler calls various functions that are not async-signal-safe, for example, syslog().']", | |
| "exploit.exploit_code_presence": false, | |
| "exploit.exploit_details": "A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().", | |
| "exploit.exploit_conditions": "Client does not authenticate within LoginGraceTime seconds.", | |
| "exploit.exploit_impact": "Potential for arbitrary code execution or system crash.", | |
| "image": "access_redhat_com_security_cve_CVE-2024-6387.png", | |
| "url": "https://access.redhat.com/security/cve/CVE-2024-6387" | |
| }, | |
| { | |
| "vulnerable_products": "[{'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'OpenSSH', 'vendor_software': 'sshd', 'operating_system': 'Linux', 'vendor_version': '8.5p1', 'vendor_max_vulnerable_version_including': '8.5p1', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds, then sshd's SIGALRM handler is called asynchronously. This signal handler calls various functions that are not async-signal-safe, for example, syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions).', 'criticalcondition_configuration': 'NA', 'discrepancy': False}]", | |
| "remediations": "[{'remediation_deadline': '2024-07-01', 'remediation_rationale': 'To prevent possible remote code execution due to a race condition in signal handling.', 'remediation_version': 'NA', 'max_remediated_version': 'NA', 'min_remediated_version': 'NA', 'workaround': 'NA'}]", | |
| "asset.asset_description": "OpenSSH server (sshd)", | |
| "asset.asset_criticality": "high", | |
| "asset.asset_criticality_reasoning": "The asset is critical as it is an OpenSSH server, which is essential for secure network operations and remote management.", | |
| "asset.application": "OpenSSH server", | |
| "asset.industry": "Information Technology", | |
| "exploit.exploit_steps": "['Identify an OpenSSH server running the vulnerable version.', 'Ensure the client does not authenticate within LoginGraceTime seconds.', 'Trigger the SIGALRM handler asynchronously.', 'Exploit the signal handler to call non-async-signal-safe functions like syslog().']", | |
| "exploit.exploit_code_presence": false, | |
| "exploit.exploit_details": "A signal handler race condition in OpenSSH's server (sshd) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.", | |
| "exploit.exploit_conditions": "Client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions).", | |
| "exploit.exploit_impact": "Denial of service (crash) and possible remote code execution.", | |
| "image": "bugzilla_redhat_com_show_bug_cgi?id=2294604.png", | |
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604" | |
| }, | |
| { | |
| "vulnerable_products": "[{'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'OpenSSH', 'vendor_software': 'sshd', 'operating_system': 'NA', 'vendor_version': 'NA', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds, then sshd's SIGALRM handler is called asynchronously. This signal handler calls various functions that are not async-signal-safe, for example, syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds.', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}]", | |
| "remediations": "[{'remediation_deadline': 'NA', 'remediation_rationale': 'NA', 'remediation_version': 'NA', 'max_remediated_version': 'NA', 'min_remediated_version': 'NA', 'workaround': 'NA'}]", | |
| "asset.asset_description": "OpenSSH server (sshd)", | |
| "asset.asset_criticality": "NA", | |
| "asset.asset_criticality_reasoning": "NA", | |
| "asset.application": "OpenSSH server", | |
| "asset.industry": "NA", | |
| "exploit.exploit_steps": "['NA']", | |
| "exploit.exploit_code_presence": false, | |
| "exploit.exploit_details": "A signal handler race condition in OpenSSH's server (sshd) where the SIGALRM handler is called asynchronously if a client does not authenticate within LoginGraceTime seconds. This handler calls functions that are not async-signal-safe, such as syslog().", | |
| "exploit.exploit_conditions": "Client does not authenticate within LoginGraceTime seconds.", | |
| "exploit.exploit_impact": "NA", | |
| "image": "www_qualys_com_2024_07_01_cve-2024-6387_regresshion_txt.png", | |
| "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt" | |
| }, | |
| { | |
| "vulnerable_products": "[{'vendor_name': 'Red Hat, Inc.', 'vendor_product': 'OpenSSH', 'vendor_software': 'sshd', 'operating_system': 'NA', 'vendor_version': 'NA', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds, then sshd's SIGALRM handler is called asynchronously. This signal handler calls various functions that are not async-signal-safe, such as syslog().\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds.', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}]", | |
| "remediations": "[{'remediation_deadline': 'NA', 'remediation_rationale': 'NA', 'remediation_version': 'NA', 'max_remediated_version': 'NA', 'min_remediated_version': 'NA', 'workaround': 'NA'}]", | |
| "asset.asset_description": "OpenSSH server (sshd)", | |
| "asset.asset_criticality": "High", | |
| "asset.asset_criticality_reasoning": "The OpenSSH server is critical as it handles secure remote access to systems, which is essential for system administration and management.", | |
| "asset.application": "Secure remote access", | |
| "asset.industry": "Information Technology", | |
| "exploit.exploit_steps": "['Trigger the signal handler by ensuring a client does not authenticate within LoginGraceTime seconds.', 'Observe the asynchronous call to the SIGALRM handler.', 'Exploit the race condition by calling functions that are not async-signal-safe, such as syslog().']", | |
| "exploit.exploit_code_presence": true, | |
| "exploit.exploit_details": "The vulnerability is a signal handler race condition in OpenSSH's server (sshd). If a client does not authenticate within LoginGraceTime seconds, the sshd's SIGALRM handler is called asynchronously. This handler calls functions that are not async-signal-safe, such as syslog(), leading to potential race conditions.", | |
| "exploit.exploit_conditions": "Client does not authenticate within LoginGraceTime seconds.", | |
| "exploit.exploit_impact": "Exploitation of this vulnerability can lead to unpredictable behavior, including potential crashes or execution of unintended code.", | |
| "image": "cwe_mitre_org_data_definitions_364_html.png", | |
| "url": "http://cwe.mitre.org/data/definitions/364.html" | |
| }, | |
| { | |
| "vulnerable_products": "[{'vendor_name': 'Red Hat', 'vendor_product': 'Red Hat Enterprise Linux 6', 'vendor_software': 'OpenSSH', 'operating_system': 'Linux', 'vendor_version': 'NA', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"Signal handler race condition in OpenSSH's server (sshd)\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}, {'vendor_name': 'Red Hat', 'vendor_product': 'Red Hat Enterprise Linux 7', 'vendor_software': 'OpenSSH', 'operating_system': 'Linux', 'vendor_version': 'NA', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"Signal handler race condition in OpenSSH's server (sshd)\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}, {'vendor_name': 'Red Hat', 'vendor_product': 'Red Hat Enterprise Linux 8', 'vendor_software': 'OpenSSH', 'operating_system': 'Linux', 'vendor_version': 'NA', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"Signal handler race condition in OpenSSH's server (sshd)\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}, {'vendor_name': 'Red Hat', 'vendor_product': 'Red Hat Enterprise Linux 9', 'vendor_software': 'OpenSSH', 'operating_system': 'Linux', 'vendor_version': 'NA', 'vendor_max_vulnerable_version_including': 'NA', 'vendor_min_vulnerable_version_including': 'NA', 'vulnerable_reason': \"Signal handler race condition in OpenSSH's server (sshd)\", 'precondition_configuration': 'Client does not authenticate within LoginGraceTime seconds', 'criticalcondition_configuration': 'NA', 'discrepancy': False, 'discrepancy_reason': 'NA'}]", | |
| "remediations": "[{'remediation_deadline': 'NA', 'remediation_rationale': 'NA', 'remediation_version': 'NA', 'max_remediated_version': 'NA', 'min_remediated_version': 'NA', 'workaround': 'NA'}]", | |
| "asset.asset_description": "OpenSSH's server (sshd)", | |
| "asset.asset_criticality": "High", | |
| "asset.asset_criticality_reasoning": "OpenSSH is widely used for secure communication in many critical systems.", | |
| "asset.application": "Secure communication", | |
| "asset.industry": "Information Technology", | |
| "exploit.exploit_steps": "['Identify a target running an affected version of OpenSSH.', 'Ensure the target has a LoginGraceTime set (default is 120 seconds, 600 in older versions).', 'Initiate a connection to the target and do not authenticate within the LoginGraceTime period.', 'Trigger the SIGALRM handler in sshd, causing it to call non-async-signal-safe functions.']", | |
| "exploit.exploit_code_presence": false, | |
| "exploit.exploit_details": "A signal handler race condition in OpenSSH's server (sshd) can be exploited when a client does not authenticate within the LoginGraceTime period, causing sshd's SIGALRM handler to call non-async-signal-safe functions like syslog().", | |
| "exploit.exploit_conditions": "Client does not authenticate within LoginGraceTime seconds.", | |
| "exploit.exploit_impact": "Possible remote code execution.", | |
| "image": "cve_org_CVERecord?id=CVE-2024-6387.png", | |
| "url": "https://cve.org/CVERecord?id=CVE-2024-6387" | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment