xaitax/CVE-2024-6387_Check

Is 8.5 really vulnerable?

Closed this issue · 4 comments

Greetings and thanks for publishing this script. I have a question, though: is OpenSSH 8.5 truly vulnerable? According to the CVE description, the earliest version with the exploitable regression would be 8.5p1:
https://nvd.nist.gov/vuln/detail/CVE-2024-6387

And other versions of this script like https://github.com/asterictnl-lvdw/CVE-2024-6387 do not recognise OpenSSH 8.5 as vulnerable.

Hi @Villodre - generally that version is vulnerable. Happy to add the detailed banner of a patched version to the exclusion list of the script, if you have it. You can find those that are known to be patched here:
https://github.com/xaitax/CVE-2024-6387_Check/blob/main/CVE-2024-6387_Check.py#L121

Sorry to insist but I'm striving to learn. Where can I check that OpenSSH 8.5 is vulnerable when every source I check says the regression was introduced in 8.5p1?

https://www.qualys.com/regresshion-cve-2024-6387/
https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
https://www.logpoint.com/en/blog/the-story-of-regresshion/

Hi @Villodre - no worries. :) It's a patch level of version 8.5. Since I need specific banner/versions where it's patched to exclude it from the script, it might be assumed the version generally is vulnerable.
One of your articles also states:
[image]

Best regards,
Alex

I understand now: it is feasible that some distros have applied the 8.5p1 patch (and thus the regression) without explicitly changing the server banner to "8.5 p1".

Thanks for the explanation and for your patience!
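
The banner-matching approach discussed in this thread, as an added example that is not taken from the CVE-2024-6387_Check script: a banner is flagged when its major.minor version falls in the regression range, regardless of whether a `p1` suffix is present, unless the exact banner is on a list of known-patched builds. The `classify` function, the result labels, the patched banner entry and the 9.8 upper bound are assumptions of this sketch; it covers only the 8.5p1 regression range named in the thread.

```python
import re

# Regression range discussed in the thread: introduced in 8.5p1.
INTRODUCED = (8, 5)
# Assumption (not stated in this thread): first fixed upstream release is 9.8p1.
FIXED_IN = (9, 8)

# Constructed placeholder entry. A real list holds exact banners a distro has
# confirmed as patched (fix backported, upstream version string unchanged).
PATCHED_BANNERS = {
    "SSH-2.0-OpenSSH_8.9p1 ExampleDistro-0patched1",
}

# The patch level (p1, p2, ...) is optional in the banner and is not compared.
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(p\d+)?")


def classify(banner: str) -> str:
    """Classify an SSH identification string by version range and exclusions."""
    banner = banner.strip()  # banners arrive with a trailing CRLF
    if banner in PATCHED_BANNERS:
        return "known_patched"
    match = VERSION_RE.search(banner)
    if match is None:
        return "not_openssh"
    version = (int(match.group(1)), int(match.group(2)))
    # A banner only advertises a version; backports are invisible to it,
    # so an in-range result means "needs checking", not "confirmed".
    if INTRODUCED <= version < FIXED_IN:
        return "potentially_vulnerable"
    return "outside_range"


if __name__ == "__main__":
    # Constructed sample banners.
    samples = [
        "SSH-2.0-OpenSSH_8.5\r\n",
        "SSH-2.0-OpenSSH_8.5p1 Debian-1",
        "SSH-2.0-OpenSSH_8.4p1",
        "SSH-2.0-OpenSSH_8.9p1 ExampleDistro-0patched1",
    ]
    for sample in samples:
        print(f"{sample.strip():50} {classify(sample)}")
```
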