RegreSSHion bug in OpenSSH - check your servers!

Slavik · Jul 2, 2024

A nasty CVE was posted yesterday https://openwall.com/lists/oss-security/2024/07/01/3

This vulnerability is exploitable remotely and grants unauthenticated root access to your server if pulled off.

Most OS distros have already pushed patches so it is wise to check if you have an affected version and update accordingly.

MentaL · Jul 2, 2024

Slavik said:
A nasty CVE was posted yesterday https://openwall.com/lists/oss-security/2024/07/01/3

This vulnerability is exploitable remotely and grants unauthenticated root access to your server if pulled off.

Most OS distros have already pushed patches so it is wise to check if you have an affected version and update accordingly.

Upgrading:
openssh x86_64 8.7p1-38.el9.alma.2 baseos 457 k
openssh-clients x86_64 8.7p1-38.el9.alma.2 baseos 712 k
openssh-server x86_64 8.7p1-38.el9.alma.2 baseos 458 k

Cheers.

Walter · Jul 4, 2024

For Cpanel users there is a list:

https://support.cpanel.net/hc/en-us/articles/24564735353623-OpenSSH-Vulnerability-regreSShion-CVE-2024-6387

This only affects EL9 based and newer Ubuntu operating system, so e.g. AlmaLinux 8 is not affected.

EL6 Based Systems	Not Affected
EL7 Based Systems	Not Affected
EL8 Based Systems	Not Affected
AlmaLinux 9	Patched	AlmaLinux OS 9 - CVE-2024-6387: regreSSHion
Rocky Linux 9	Patched	Rocky Linux 9 - CVE-2024-6387: regreSSHion
Ubuntu 20.04	Not Affected
Ubuntu 22.04	Patched	USN-6859-1: OpenSSH vulnerability

RegreSSHion bug in OpenSSH - check your servers!

Slavik

XenForo moderator

MentaL

Well-known member

Walter

Well-known member

We value your privacy