High-Severity Vulnerability Affecting OpenSSH

Published on 02 Jul 2024

Security researchers have discovered a high-severity vulnerability (CVE-2024-6387) in OpenSSH's server (sshd).

Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform arbitrary remote code execution with root permissions on glibc-based Linux systems.

The vulnerability affects OpenSSH versions earlier than 4.4p1 and versions from 8.5p1 up to 9.8p1.

Users and administrators of affected product versions are advised to update to the latest versions immediately.
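
The affected version ranges stated above can be checked against version strings collected from hosts (for example, SSH banners or `ssh -V` output). This is an added example, not part of the original advisory; it assumes "up to 9.8p1" excludes 9.8p1 itself, and the sample banners are constructed.

```python
import re

# Version bounds from the advisory, as (major, minor) tuples. Every bound falls
# on a "p1" minor release, so major.minor is enough for the comparison.
OLD_BELOW = (4, 4)          # versions earlier than 4.4p1
REGRESSION_FROM = (8, 5)    # versions from 8.5p1 ...
REGRESSION_BELOW = (9, 8)   # ... up to 9.8p1 (assumption: 9.8p1 itself excluded)

# Matches "OpenSSH_9.2p1", "SSH-2.0-OpenSSH_8.9p1 Distro-1", "OpenSSH_4.3p2", ...
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor) from an OpenSSH banner or version string, else None."""
    m = VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Classify a version string against the advisory's stated ranges."""
    v = parse_version(text)
    if v is None:
        return "unknown"          # not OpenSSH, or banner hidden/rewritten
    if v < OLD_BELOW or REGRESSION_FROM <= v < REGRESSION_BELOW:
        return "in-range"         # upstream version number is in an affected range
    return "out-of-range"


if __name__ == "__main__":
    # Constructed sample inputs (hostnames and package suffixes are made up).
    samples = {
        "host-a": "SSH-2.0-OpenSSH_9.2p1 Distro-1",
        "host-b": "SSH-2.0-OpenSSH_8.4p1",
        "host-c": "OpenSSH_9.8p1, OpenSSL 3.0.0",
        "host-d": "SSH-2.0-OpenSSH_4.3p2",
        "host-e": "SSH-2.0-dropbear_2022.83",
    }
    for host, banner in samples.items():
        print(f"{host}: {classify(banner):13s} {banner}")
```

An "in-range" result only means the upstream version number falls in the stated range. Distribution packages that backport the fix keep the old version number, so confirm against the vendor's package changelog before treating a host as unpatched.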

More information is available here:
https://lists.debian.org/debian-security-announce/2024/msg00135.html
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server