CVE-2024-6387
Published: 01 July 2024
Summary
CVE-2024-6387 is a high-severity Signal Handler Race Condition (CWE-364) vulnerability in Freebsd Freebsd. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 0.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-6387 is a security regression of the earlier CVE-2006-5051 flaw in OpenSSH's sshd server component. It stems from a race condition that allows sshd to handle certain signals unsafely during authentication, specifically when a client fails to complete authentication within a defined time window.
An unauthenticated remote attacker can trigger the race condition over the network without any credentials or user interaction. Successful exploitation can lead to arbitrary code execution with root privileges on the affected server, as reflected in the CVSS 8.1 score covering high impact to confidentiality, integrity, and availability.
Red Hat has published multiple errata (RHSA-2024:4312, RHSA-2024:4340, RHSA-2024:4389, RHSA-2024:4469, and RHSA-2024:4474) that address the issue through updated OpenSSH packages; organizations should apply these patches promptly to eliminate the regression. The EPSS score has reached 0.6579 without evidence of a material rise from a low baseline.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47981
Vulnerability details
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to…
more
authenticate within a set time period.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2024-6387 enables unauthenticated remote code execution in OpenSSH sshd via a signal handling race condition exploitable by remote attackers, mapping to T1210: Exploitation of Remote Services.
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.
Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.