Overview
The Qualys Threat Research Unit (TRU) discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems in July 2024. The CVE assigned to this vulnerability is CVE-2024-6387.
Advisory Details
| Field | Value |
|---|---|
| Advisory ID | ASA-2024-0701 |
| Issue Date | 2024-07-01 |
| Severity | > 8 |
| CVE | CVE-2024-6387 |
Vulnerability Details
CVE-2024-6387, also known as regreSSHion, is a critical vulnerability in the OpenSSH server on glibc-based Linux systems. It allows an unauthenticated remote attacker to gain full control of the affected host. This is particularly dangerous because the vulnerable software runs in its default configuration on many servers. The vulnerability stems from a flaw in how sshd handles signals, which an attacker can exploit to execute arbitrary code with the highest privileges (root).
Due to the ease of exploitation and potential for complete system takeover, this vulnerability is classified as critical.
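The signal-handling flaw behind regreSSHion is a race in sshd's SIGALRM handler, which called functions that are not async-signal-safe (such as syslog(), which allocates memory). The following is an added illustration of the defensive pattern, not code from OpenSSH or from Accops: the handler only records that the alarm fired, and all real work is done from normal control flow. The function names and the log message are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (the bug class behind CVE-2024-6387), shown only as a
 * sketch in a comment: the handler does real work such as logging, and
 * the logging call internally uses malloc() and other functions that are
 * not async-signal-safe. If the alarm lands while the main program is
 * inside those same functions, their internal state is corrupted.
 *
 *   static void unsafe_alarm_handler(int sig) {
 *       syslog(LOG_INFO, "timeout");   // not async-signal-safe
 *       _exit(1);
 *   }
 */

/* Safe pattern: the handler does nothing but set a flag. */
static volatile sig_atomic_t got_alarm = 0;

static void safe_alarm_handler(int sig) {
    (void)sig;
    got_alarm = 1;   /* sig_atomic_t stores are safe inside a handler */
}

/* Install the flag-setting handler for SIGALRM; returns 0 on success. */
int install_safe_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGALRM, &sa, NULL);
}

/* Called from the normal control flow, never from the handler, so logging
 * and teardown are safe here. Returns 1 if an alarm was handled, else 0. */
int handle_pending_alarm(FILE *log) {
    if (!got_alarm)
        return 0;
    got_alarm = 0;
    fprintf(log, "login grace time expired, closing connection\n");
    return 1;
}

int main(void) {
    install_safe_handler();
    raise(SIGALRM);   /* simulate the grace-time alarm firing */
    return handle_pending_alarm(stderr) ? 0 : 1;
}
```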
Affected Products
| Product Name | Affected Version |
|---|---|
| Accops HySecure Gateway | HySecure 5.4 SP2 with COS-1007 applied; HySecure 5.4 SP5 with COS-1007 applied; HySecure 5.4 SP6 with COS-1008 applied |
| Accops HyID | HySecure 5.4 SP2 with COS-1007 applied; HySecure 5.4 SP5 with COS-1007 applied; HySecure 5.4 SP6 with COS-1008 applied |
Resolution
Accops has released the following fixes for this security vulnerability:
| Module | Fix Type | Fix Details |
|---|---|---|
| HySecure Gateway | OS Hotfix | https://support.accops.com/en/support/solutions/articles/12000100577-security-hotfix-ah-cos-cm-os01-5-4-sp5-20240723-hpat |
| HyID Gateway | OS Hotfix | https://support.accops.com/en/support/solutions/articles/12000100577-security-hotfix-ah-cos-cm-os01-5-4-sp5-20240723-hpat |
Contact
Please reach out to [email protected] if you have further questions about this update.