Please confirm which versions (if any) are vulnerable to CVE-2024-6387 #2249
Comments
|
Is there any update? why is ssh on windows so behind... |
|
We have Windows Server 2019 and 2022 and need the information if the OpenSSH-Feature is vulnerable, too. |
|
Confirming the latest Windows 11 release is vulnerable version: 
|
|
https://www.qualys.com/regresshion-cve-2024-6387/
Windows is neither Linux or glibc-based so I assume it's not relevant? |
|
Does this vulnerability affect macOS or Windows? |
FreeBSD is neither Linux or glibc based, but they patched it. |
|
Based on my topical analysis and general knowledge of how signal handling is done in this fork, I do not believe this vulnerability is relevant to this fork. |
|
Is there any update on this ? Please confirm.. |
|
Any updates? |
|
Thanks for the different insights everyone! |
|
Any updates Microsoft? |
|
@tgauth can you give any insights on this? Is Win32_OpenSSH vulnerable or not? come on, Microsoft, you can do better than that. It's been very frustraing in the last months. |
|
I sent an email to secure@microsoft.com earlier today, and this is their official statement: PowerShell/Announcements#63 You can all sleep well now! :) |
|
Apologies for the delay in responding - please see the announcement mentioned above for guidance. PowerShell/Announcements#63 |
Request for information
CVE-2024-6387 (stylized as regreSSHion) is a Remote Unauthenticated Code Execution vulnerability in
sshdin glibc-based Linux systems, discovered by Qualys.What I want to know: Is OpenSSH for Windows vulnerable?
I don't see any changes that line up with Qualys's disclosure timeline, and the version number that I get when I do a fresh install via
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0is8.6.0.1(which falls within the vulnerable range, according to what I'm seeing).The text was updated successfully, but these errors were encountered: