Open camerondm9 opened 4 days ago
Is there any update? why is ssh on windows so behind...
We have Windows Server 2019 and 2022 and need the information if the OpenSSH-Feature is vulnerable, too. All very old SSH-Server - Microsoft, have you forgotten your Secure Future Initiative (SFI): https://www.microsoft.com/en-us/microsoft-cloud/resources/built-in-security
Confirming the latest Windows 11 release is vulnerable version:
https://www.qualys.com/regresshion-cve-2024-6387/
discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems.
Windows is neither Linux or glibc-based so I assume it's not relevant?
Does this vulnerability affect macOS or Windows? While it is likely that the vulnerability exists in both macOS and Windows, its exploitability on these platforms remains uncertain. Further analysis is required to determine the specific impact.
https://www.qualys.com/regresshion-cve-2024-6387/
discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems.
Windows is neither Linux or glibc-based so I assume it's not relevant?
FreeBSD is neither Linux or glibc based, but they patched it.
Based on my topical analysis and general knowledge of how signal handling is done in this fork, I do not believe this vulnerability is relevant to this fork.
Is there any update on this ? Please confirm..
Request for information
CVE-2024-6387 (stylized as regreSSHion) is a Remote Unauthenticated Code Execution vulnerability in
sshd
in glibc-based Linux systems, discovered by Qualys.What I want to know: Is OpenSSH for Windows vulnerable?
I don't see any changes that line up with Qualys's disclosure timeline, and the version number that I get when I do a fresh install via
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
is8.6.0.1
(which falls within the vulnerable range, according to what I'm seeing).