Does CVE-2024-6387 affect OpenSSH server on Windows? #2248
-
| Does CVE-2024-6387 affect OpenSSH server on Windows? |
Replies: 5 comments
-
| Qualys currently states OpenSSH versions starting 8.5p1 and prior to 9.8p1 are vulnerable. For Windows: Detection relies on the HKLM\SYSTEM\CurrentControlSet\services\sshd registry key to get the sshd.exe file path and checks for file version information from the sshd.exe file. We are also curious if Windows is affected. |
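The version-based check described in the reply above, as an added PowerShell example (not Qualys's code and not part of the thread). The function names are hypothetical, and it assumes the major.minor of the sshd.exe file version mirrors the OpenSSH release number; it reports the version only and says nothing about whether the Windows build is exploitable.

```powershell
# Added example: locate sshd.exe through the service registry key and compare
# its file version with the range quoted in the thread (8.5p1 up to, not including, 9.8p1).
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\sshd'

function Get-SshdImagePath {            # hypothetical helper name
    param([string]$Key = $ServiceKey)
    if (-not (Test-Path $Key)) { return $null }
    $raw = (Get-ItemProperty -Path $Key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $raw) { return $null }
    # ImagePath may be quoted, carry arguments, or use %SystemRoot%-style variables
    $expanded = [Environment]::ExpandEnvironmentVariables($raw).Trim()
    if ($expanded -match '^"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^(.*?\.exe)\b')  { return $Matches[1] }
    return $expanded
}

function Test-InReportedRange {         # hypothetical helper name
    param([version]$Version)
    # Compare on major.minor only; the "p1" suffix has no file-version equivalent
    $v = [version]::new($Version.Major, $Version.Minor)
    return ($v -ge [version]'8.5' -and $v -lt [version]'9.8')
}

$path = Get-SshdImagePath
if ($path -and (Test-Path $path)) {
    $info = (Get-Item $path).VersionInfo
    # Assumption: file version major.minor tracks the OpenSSH release number
    $fileVersion = [version]::new($info.FileMajorPart, $info.FileMinorPart)
    [pscustomobject]@{
        Path            = $path
        FileVersion     = $info.FileVersion
        InReportedRange = Test-InReportedRange $fileVersion
    }
} else {
    Write-Output 'sshd service key not present or sshd.exe not found'
}
```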
-
| On the surface, it doesn't appear like the Windows builds should be affected given that the signal handlers were rewritten for Windows and don't call the function stated in the various disclosures. It would be good for someone with more recent time on the project from Microsoft to confirm my assertion though. Regardless, I suspect Microsoft may just patch it anyhow to avoid having the argument. |
-
| Issue here in this repo: #2249 | 
-
| How does one upgrade to 9.8? I can't find any build for win past 9.5 atm. Ty |
-
| I sent an email to secure@microsoft.com earlier today, and this is their official statement: PowerShell/Announcements#63 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6387 You can all sleep well now! :) |