SAP Knowledge Base Article - Preview

3490350 - [CVE-2024-6387] OpenSSH Unauthenticated RCE Vulnerability, regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems

Symptom

Security researchers have identified exploit code affecting OpenSSH. A patch addressing the vulnerability (CVE-2024-6387) was released by OpenSSH on Jul 01, 2024.

The vulnerability, tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at cybersecurity firm Qualys. Researchers found that the OpenSSH server process ‘sshd’ is affected by a signal handler race condition that allows unauthenticated remote code execution with root privileges on glibc-based Linux systems.

The security team or OS team identified the vulnerability on Linux servers hosting SAP applications and requested further evaluation from SAP support.


Environment

SAP Applications on Linux Operating System in general

Keywords

CVE-2024-6387, OpenSSH, vulnerability, regreSSHion, LoginGraceTime, KBA, BC-OP-LNX, Linux, BC-OP-LNX-OLNX, Oracle Linux, BC-OP-LNX-RH, Red Hat Linux, BC-OP-LNX-SUSE, SUSE Linux, How To
