Updated 30 July 2024 - 12:00 CET
Sshd is the OpenSSH server process. It listens for incoming connections using the SSH protocol and acts as the server for the protocol. It handles user authentication, encryption, terminal connections, file transfers, and tunneling.
The vulnerability CVE-2024-6387 in sshd allows an attacker to execute arbitrary code on the targeted system, bypass authentication to gain unauthorized access, cause a denial of service by crashing or rendering the sshd unavailable, and exfiltrate sensitive data such as personal information and SSH keys.
All Linux operating systems using affected versions of SSH with the GNU C library: this includes popular distributions like Debian, Ubuntu, etc.
Servers and Applications using SSH: Any server exposed to the Internet or an internal network using SSH for remote management is at risk.
CVE-2024-6387 is a security vulnerability in sshd, specifically in the way certain versions of the SSH server handle logins and authentications.
There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period without user interaction.
Product | Version | Status | Patched Product Version | Comment |
---|---|---|---|---|
Cerebrum | | Not vulnerable | | |
IP Director | | Not vulnerable | | |
IPWeb API Services | | Not vulnerable | | |
XPlore | | Not vulnerable | | |
Xedio | 4.91 | Not vulnerable | | |
C-Cast | | Not vulnerable | | |
MAD | | Not vulnerable | | |
XTAccess | | Not vulnerable | | |
XViewer | | Not vulnerable | | |
XSquare | | Not vulnerable | | |
XFile3 | | Not vulnerable | | |
XNetMonitor / XNetWebMonitor | | Not vulnerable | | |
C-NEXT | 1.3.4 | Not vulnerable | | EOL Soon |
Ingest Funnel | 1.7.1 | Not vulnerable | | EOL |
MultiReview | 1.10 | Not vulnerable | | EOL |
TruckManager | 1.2 | Not vulnerable | | EOL |
Neuron | | Not vulnerable | | |
Synapse | | Not vulnerable | | |
IPD-VIA | | Vulnerable | VIA MAP 1.0.1 build: 2.412.0 | Versions prior to 1.0 not affected because they run on CentOS (OpenSSH_7.4p1) |
IPWeb Streaming Server | | Not vulnerable | | Still running on CentOS |
MediaHub | 5.5.1 & 5.5.2 & 5.6 | Not vulnerable | | |
XT / Multicam | | Vulnerable | | Please contact EVS Support |
XHub-VIA | | Vulnerable | | Please contact EVS Support |
XS-NEO | | Vulnerable | | CentOS 7.9 not affected: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 |
XR-NEO | | Vulnerable | | CentOS 7.9 not affected: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 |
Xeebra | | Not vulnerable | | |
LSG | | Not vulnerable | | |
LSM-VIA | | Not vulnerable | | |
XtraMotion | | Not vulnerable | | |
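
A version triage for inventory work, added here as an example and not part of the EVS advisory: it sorts `ssh -V` output or SSH banners, such as the `OpenSSH_7.4p1` string quoted in the table, into the upstream ranges for CVE-2024-6387. The range boundaries (4.4p1, 8.5p1, 9.8p1) come from the upstream OpenSSH 9.8 release notes and are an assumption relative to this page; the function names and the sample hosts are constructed.

```python
import re

# Upstream ranges for CVE-2024-6387, taken from the OpenSSH 9.8 release notes
# (an assumption relative to this page, which only says "affected versions").
FIRST_SAFE = (4, 4)   # 4.4p1 up to 8.4p1: signal handler race not present
REGRESSED = (8, 5)    # 8.5p1 up to 9.7p1: race reintroduced
FIXED = (9, 8)        # 9.8p1 and later: fixed upstream

_VERSION = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(text):
    """Return (major, minor) from `ssh -V` output or an SSH banner, else None."""
    match = _VERSION.search(text)
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(text):
    """Sort a version string into the upstream ranges for CVE-2024-6387."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"          # not OpenSSH, or banner hidden: inspect the host
    if version < FIRST_SAFE:
        return "legacy-range"     # affected unless patched for CVE-2006-5051 / CVE-2008-4109
    if version < REGRESSED:
        return "not-affected"
    if version < FIXED:
        return "affected-range"   # confirm against the distribution's package changelog
    return "fixed"


# Constructed sample inventory; the first entry is the string quoted in the table.
SAMPLES = {
    "centos-7.9": "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017",
    "host-a": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "host-b": "SSH-2.0-OpenSSH_9.8",
    "host-c": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, banner in SAMPLES.items():
        print(f"{host:12} {classify(banner):15} {banner}")
```

Distributions backport fixes without changing the upstream version number, so `affected-range` is a prompt to check the installed package, not a confirmed finding.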