:: Re: [DNG] CVE-2024-6387: regreSSHio…
Top Page
Delete this message
Reply to this message
Author: Tom
Date:  
To: dng
Subject: Re: [DNG] CVE-2024-6387: regreSSHion bug in OpenSSH


> On 2 Jul 2024, at 17:35, Martin Steigerwald <martin@???> wrote:
>
> Martin Steigerwald - 02.07.24, 09:30:15 CEST:
>> Simon Walter - 02.07.24, 07:40:41 CEST:
>>> Is this fixed upstream already?
>>
>> Posting my inofficial guidance on patching here as well. It will be much
> easier to find in this thread as in yet another "Is this systemd?" thread.


The bug was discovered by Qualys researchers and they also have a very nice detailed explanation of the exploit on their site.

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

Tom