SAP Knowledge Base Article - Preview

3490350 - [CVE-2024-6387] OpenSSH Unauthenticated RCE Vulnerability, regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems


An exploit code affecting OpenSSH has been identified by security researchers. Patch addressing the vulnerability (CVE-2024-6387) was released by OpenSSH on Jul 01, 2024.

Tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at cybersecurity firm Qualys. Researchers found that the OpenSSH server process ‘sshd’ is affected by a signal handler race condition allowing unauthenticated remote code execution with root privileges on glibc-based Linux systems.

Security team or OS team identified the vulnerability on Linux servers hosting SAP Applications and requested further evaluation from SAP support. 



SAP Applications on Linux Operating System in general


CVE-2024-6387, OpenSSH, vulnerability, regreSSHion, LoginGraceTime , KBA , BC-OP-LNX , Linux , BC-OP-LNX-OLNX , Oracle Linux , BC-OP-LNX-RH , Red Hat Linux , BC-OP-LNX-SUSE , SUSE Linux , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.