Utilizziamo i cookie per migliorare la nostra pagina web. Leggi la nostra Informativa sui cookie .

Avviso sulla sicurezza dei prodotti ASUSTOR

AS-2024-004: OpenSSH

2024-07-08

Severity

Important

Status

Ongoing

Statement

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). OpenSSH versions prior to 9.7p1 are susceptible to a vulnerability which can lead to sshd to handle some signals in an unsafe manner.

CVE-2024-6387 affected ASUSTOR products with ADM 4.3 and ADM 4.0. Updates with OpenSSH 9.8p1 will be released as soon as possible.

  • OpenSSH 9.8p1 has been updated on ADM 4.3.1.R752 to resolve the issues.

Affected Products

Product Severity Fixed Release Availability
ADM 4.3, 4.2 and 4.1 Important Upgrade to ADM 4.3.1.R752 or above.
ADM 4.0 Important Ongoing

Detail

  • CVE-2024-6387
    • Severity: High
    • A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Reference


Revision

Revision Date Description
1 2024-07-03 Initial public release.
1 2024-07-08 Release ADM 4.3.1.R752 to update OpenSSH version for fixing the issues.