Advisory: Unauthenticated Remote Code Execution Vulnerability in OpenSSH (CVE-2024-6387)

Sophos Security Advisory

davedavison

Summary

Overview

On Monday, July 1, 2024, the Qualys Threat Research Unit published a security advisory detailing the re-introduction of a previously patched unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. The vulnerability is tracked as CVE-2024-6387 and has been dubbed regreSSHion.

Since the initial announcement, other security researchers have released examples of potential PoCs detailing methods to exploit this vulnerability.

Vulnerable OpenSSH Versions

Qualys reports that the following versions of OpenSSH are vulnerable to CVE-2024-6387:

| Version | Vulnerable |
| --- | --- |
| OpenSSH < 4.4p1 | Yes (unless patches have been backported against CVE-2006-5051 and CVE-2008-4109) |
| 4.4p1 <= OpenSSH < 8.5p1 | No |
| 8.5p1 <= OpenSSH < 9.8p1 | Yes |
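One way to apply the version ranges listed above to collected SSH banners or `sshd -V` output, as an added example (not Sophos or Qualys code). The hostnames, banner strings and status labels are constructed for illustration; a version string does not reveal distribution backports, so a "vulnerable" result marks a host for package-level verification.

```python
import re

# Range boundaries from the Qualys-reported table above. Only the numeric part
# is compared: every boundary is a "p1" release, so the suffix never decides.
NOT_VULN_FROM = (4, 4)   # 4.4p1: start of the not-vulnerable range
VULN_FROM = (8, 5)       # 8.5p1: start of the vulnerable range
FIXED_FROM = (9, 8)      # 9.8p1: first release outside the vulnerable range

# Matches "OpenSSH_8.9p1", "OpenSSH_6.6.1p1", "OpenSSH_7.4" inside a banner.
_VERSION_RE = re.compile(r"OpenSSH[_ ](\d+(?:\.\d+)+)(?:p(\d+))?")

def parse_openssh_version(text):
    """Return ((major, minor, ...), portable_level_or_None), or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    numeric = tuple(int(part) for part in m.group(1).split("."))
    portable = int(m.group(2)) if m.group(2) else None
    return numeric, portable

def classify(text):
    """Map a banner or `sshd -V` string to a status label (labels are ours)."""
    parsed = parse_openssh_version(text)
    if parsed is None:
        return "unknown"                       # not OpenSSH, or banner hidden
    numeric, _ = parsed
    if numeric < NOT_VULN_FROM:
        return "vulnerable-unless-backported"  # CVE-2006-5051 / CVE-2008-4109
    if numeric < VULN_FROM:
        return "not-vulnerable"
    if numeric < FIXED_FROM:
        return "vulnerable"                    # confirm against package changelog
    return "not-vulnerable"

def triage(inventory):
    """inventory: iterable of (host, version_string) -> {host: status}."""
    return {host: classify(banner) for host, banner in inventory}

# Constructed sample inventory (not real hosts).
SAMPLE = [
    ("web01.example", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10"),
    ("db01.example", "OpenSSH_9.8p1, OpenSSL 3.0.14 4 Jun 2024"),
    ("legacy.example", "SSH-2.0-OpenSSH_4.3p2 Debian-9"),
    ("app02.example", "SSH-2.0-OpenSSH_7.4"),
    ("iot.example", "SSH-2.0-dropbear_2022.83"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```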

Are Sophos products affected?

The following products have been reviewed against the regreSSHion vulnerability:

| Product or Service | Status | Description |
| --- | --- | --- |
| Cloud Optix | Not affected | Component not present |
| SG UTM (all versions) | Not affected | Vulnerable code not present |
| Sophos Central | Not affected | Vulnerable code not present |
| Sophos Endpoint Protection (Windows) | Not affected | Component not present |
| Sophos Endpoint Protection (macOS) | Not affected | Component not present |
| Sophos Endpoint Protection (Linux) | Not affected | Component not present |
| Sophos Email | Not affected | Vulnerable code not present |
| Sophos Firewall (all versions) | Not affected | Vulnerable code not present |
| SophosConnect Client | Not affected | Component not present |
| Sophos Home (Windows) | Not affected | Component not present |
| Sophos Mobile | Not affected | Component not present |
| Sophos Mobile EAS Proxy | Not affected | Component not present |
| Sophos Mobile Control app (iOS + Android) | Not affected | Component not present |
| Sophos Intercept X for Mobile app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Email app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Workspace app (iOS + Android) | Not affected | Component not present |
| Sophos Chrome Security | Not affected | Component not present |
| Sophos PhishThreat | Not affected | Vulnerable code not present |
| Sophos RED | Not affected | Vulnerable code not present |
| Sophos AP/APX (SFOS Managed) | Not affected | Vulnerable code not present |
| Sophos AP/APX (Central Managed) | Not affected | Vulnerable code not present |
| Sophos Wireless | Not affected | Vulnerable code not present |
| Sophos DNS Protection | Not affected | Vulnerable code not present |
| SUSI | Not affected | Component not present |
| AV Engine (all platforms) | Not affected | Component not present |

Related Information

  

Severity
Informational

First Published

Updated

Publication ID
sophos-sa-20240704-regresshion

Workaround
No

Cloud Optix
Intercept X Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos Mobile EAS Proxy
Sophos RED
Sophos Secure Workspace (Android)
Sophos Switch
Sophos UTM
Sophos Wireless
SophosLabs Intelix

CVE-2024-6387

Article Version
2
