Information about the OpenSSH vulnerability regreSSHion (CVE-2024-6387)

A critical vulnerability has been discovered in the OpenSSH server, allowing unauthorized remote code execution.

A critical vulnerability named regreSSHion (CVE-2024-6387) has been discovered in the OpenSSH server (sshd). This vulnerability allows unauthorized remote code execution and has been identified in versions from 8.5p1 to 9.8p1. The issue originates from a regression of a previously patched vulnerability (CVE-2006-5051).

As always when such vulnerabilities are published, we have acted promptly to minimize the risk of the vulnerability being exploited. All our potentially affected and vulnerable servers have been updated with patches and are deemed safe.

So far, we have not observed any signs of active exploitation of the vulnerability. We continue to monitor the situation closely to ensure that your data and security, and those of all our customers, are protected.

For more information, please visit CERT-SE at https://www.cert.se/2024/07/kritisk-rce-sarbarhet-i-openssh.html.

If you have your own servers, e.g. in Oderland Cloud, we recommend updating vulnerable versions as soon as possible and otherwise following the provider’s instructions. To get an overview of affected and patched versions for your particular operating system, we recommend checking the supplier’s “security tracker”. Here are some examples: