Asustor Security Advisory AS-2024-004: OpenSSH
Versions prior to 9.7p1 are susceptible to a vulnerability that can lead OpenSSH's server to handle some signals in an unsafe manner.
This is a Press Release edited by StorageNewsletter.com on July 24, 2024 at 2:01 pm
Asustor, Inc. has published a security advisory concerning a resolved vulnerability in OpenSSH.
Severity: Important
Status: Ongoing
Statement
A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). OpenSSH versions prior to 9.7p1 are susceptible to a vulnerability that can lead sshd to handle some signals in an unsafe manner.
CVE-2024-6387 affected Asustor products with ADM 4.3 and ADM 4.0. Updates with OpenSSH 9.8p1 will be released as soon as possible.
- OpenSSH 9.8p1 has been updated on ADM 4.3.1.R752 to resolve the issues.
Affected products
Product | Severity | Fixed release availability |
---|---|---|
ADM 4.3, 4.2 and 4.1 | Important | Upgrade to ADM 4.3.1.R752 or above. |
ADM 4.0 | Important | Ongoing |
Detail
- CVE-2024-6387
- Severity: High
- A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition that can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
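The bug class described above, shown as an added example that is not code from Asustor or OpenSSH: a POSIX authentication grace timer whose signal handler only sets a flag, leaving all logging and cleanup to normal program context. All function names are hypothetical, and the two `poll_auth` stand-ins are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical names; a sketch of the pattern, not sshd code. */
static volatile sig_atomic_t grace_expired = 0;

/* Safe handler: record the event and return. Logging, malloc/free and
 * stdio are not async-signal-safe and must not be called from here. */
static void on_grace_timeout(int signo) { (void)signo; grace_expired = 1; }

/* Arm a grace timer of `seconds`; returns 0 on success. */
int arm_grace_timer(unsigned int seconds)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_grace_timeout;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    grace_expired = 0;
    alarm(seconds);
    return 0;
}

/* Returns 1 if poll_auth() succeeds first, 0 if the timer fires first.
 * SIGALRM stays blocked while the flag is tested and is unblocked only
 * inside sigsuspend(), so it cannot fire between the test and the wait. */
int wait_for_auth(int (*poll_auth)(void))
{
    sigset_t block, old;
    int result = -1;
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);
    while (result < 0) {
        if (poll_auth()) result = 1;
        else if (grace_expired) result = 0; /* log/clean up after return */
        else sigsuspend(&old);
    }
    alarm(0);
    sigprocmask(SIG_SETMASK, &old, NULL);
    return result;
}

/* Constructed stand-ins: a client that never / immediately authenticates. */
int never_authenticates(void) { return 0; }
int authenticates_at_once(void) { return 1; }
int main(void) { return arm_grace_timer(1) == 0 && wait_for_auth(never_authenticates) == 0 ? 0 : 1; }
```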
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-07-03 | Initial public release. |
1 | 2024-07-08 | Release ADM 4.3.1.R752 to update OpenSSH version for fixing the issues. |