🐾 - 🚨 Possible OpenSSH server vulnerable to regreSSHion - CVE-2024-6387

SID: 3321289Rev: 13105 views
History
Sourcepawpatrules
CreatedJuly 6, 2024
UpdatedJanuary 18, 2025
Classificationpolicy-violation
alert ssh any any -> any any (msg:"🐾 - 🚨 Possible OpenSSH server vulnerable to regreSSHion - CVE-2024-6387"; flow:to_client, stateless; pcre:!"/OpenSSH_8.9p1 Ubuntu-3ubuntu0.1[0-9]/"; pcre:!"/OpenSSH_9\.3p1 Ubuntu-3ubuntu3\.[0-9]/"; pcre:!"/OpenSSH_9\.6p1 Ubuntu-3ubuntu13\.[3-9]/"; pcre:!"/OpenSSH_9\.3p1 Ubuntu-1ubuntu3\.[6-9]/"; pcre:!"/OpenSSH_9\.2p1 Debian-2\+deb12u[3-9]/"; pcre:!"/OpenSSH_8\.4p1 Debian-5\+deb11u[3-9]/"; pcre:!"/OpenSSH_9\.7p1 Debian-[7-9]/"; ssh.software; dataset:isset,pawpatrules_regresshion,type string,load pawpatrules_regresshion.lst; reference:url,https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt; reference:url,https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server; reference:url,https://www.openssh.com/txt/release-9.8; metadata:created_at 2024_07_06, updated_at 2025_01_18, affected_product Linux; sid:3321289; rev:13; classtype:policy-violation;)

References

urlhttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
urlhttps://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
urlhttps://www.openssh.com/txt/release-9.8

Metadata

created at2024_07_06
updated at2025_01_18
affected productLinux

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!