Check detection of CVE-2024-6387 #24395
Comments
Issue blocked
Since this CVE is awaiting analysis by the NVD, we must generate the baseline content ourselves. This will be addressed at: Once this CVE is migrated we are going to proceed with this issue.
Commit released, moved to on-hold.
Analysis
Detection
Note: The scanner is able to detect the vulnerability.
2024/07/04 16:06:36 wazuh-modulesd:vulnerability-scanner[36225] packageScanner.hpp:477 at versionMatch(): DEBUG: Match found, the package 'openssh-server', is vulnerable to 'CVE-2024-6387'. Current version: '8.7p1-34.el9' (less than '0:8.7p1-38.el9_4.1' or equal to ''). - Agent 'centos9' (ID: '002', Version: 'v4.7.3').
2024/07/04 16:07:17 wazuh-modulesd:vulnerability-scanner[36225] packageScanner.hpp:477 at versionMatch(): DEBUG: Match found, the package 'openssh', is vulnerable to 'CVE-2024-6387'. Current version: '8.7p1-34.el9' (less than '0:8.7p1-38.el9_4.1' or equal to ''). - Agent 'centos9' (ID: '002', Version: 'v4.7.3').
2024/07/04 16:07:44 wazuh-modulesd:vulnerability-scanner[36225] packageScanner.hpp:477 at versionMatch(): DEBUG: Match found, the package 'openssh-clients', is vulnerable to 'CVE-2024-6387'. Current version: '8.7p1-34.el9' (less than '0:8.7p1-38.el9_4.1' or equal to ''). - Agent 'centos9' (ID: '002', Version: 'v4.7.3').
2024/07/04 16:15:40 wazuh-modulesd:vulnerability-scanner[37329] packageScanner.hpp:477 at versionMatch(): DEBUG: Match found, the package 'openssh', is vulnerable to 'CVE-2024-6387'. Current version: '9.7p1-2' (less than '9.8p1-1' or equal to ''). - Agent 'archlinux' (ID: '001', Version: 'v4.7.4').

According to ArchLinux feed package, version 9.7p1-2 is vulnerable. Both cases were proved above. According to Ubuntu feed, the package was fixed in 8.9p1.

Vulnerability candidates

RedHat 9
openssh_CVE-2024-6387 ==> {
"candidates": [
{
"cveId": "CVE-2024-6387",
"defaultStatus": "unaffected",
"platforms": [
"cpe:/a:redhat:enterprise_linux:9",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage",
"cpe:/a:redhat:enterprise_linux:9::sap",
"cpe:/a:redhat:enterprise_linux:9::sap_hana",
"cpe:/a:redhat:enterprise_linux:9::supplementary",
"cpe:/o:redhat:enterprise_linux:9",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"versions": [
{
"version": "0",
"lessThan": "0:8.7p1-38.el9_4.1",
"versionType": "rpm"
}
]
}
]
}

ArchLinux
openssh_CVE-2024-6387 ==> {
"candidates": [
{
"cveId": "CVE-2024-6387",
"defaultStatus": "unaffected",
"versions": [
{
"version": "9.7p1-2",
"lessThan": "9.8p1-1",
"versionType": "custom"
}
]
}
]
}

canonical
openssh-server_CVE-2024-6387 ==> {
"candidates": [
{
"cveId": "CVE-2024-6387",
"defaultStatus": "unaffected",
"platforms": [
"jammy"
],
"versions": [
{
"version": "0",
"lessThan": "1:8.9p1-3ubuntu0.10",
"versionType": "custom"
}
]
},
{
"cveId": "CVE-2024-6387",
"defaultStatus": "unaffected",
"platforms": [
"mantic"
],
"versions": [
{
"version": "0",
"lessThan": "1:9.3p1-1ubuntu3.6",
"versionType": "custom"
}
]
},
{
"cveId": "CVE-2024-6387",
"defaultStatus": "unaffected",
"platforms": [
"noble"
],
"versions": [
{
"version": "0",
"lessThan": "1:9.6p1-3ubuntu13.3",
"versionType": "custom"
}
]
}
]
}

Note: I'm not getting

2024/07/04 17:41:36 wazuh-modulesd:vulnerability-scanner[63237] packageScanner.hpp:415 at versionMatch(): DEBUG: Scanning package - 'openssh-sftp-server' (Installed Version: 1:8.9p1-3ubuntu0.10, Security Vulnerability: CVE-2024-6387). Identified vulnerability: Version: 0. Required Version Threshold: 1:8.9p1-3ubuntu0.10. Required Version Threshold (or Equal): .

in qa efficacy tests, the content may be outdated.

Update (7/5/2024)

The tar.xz file is outdated, but the information with offset: 756338 is up to date.

wazuh-modulesd:vulnerability-scanner:databaseFeedManager.hpp:227 processMessage : Processing line: 239001
wazuh-modulesd:content-updater:action.hpp:177 runActionOnDemand : Starting on-demand action for 'vulnerability_feed_manager'
wazuh-modulesd:content-updater:action.hpp:210 runAction : Action for 'vulnerability_feed_manager' started
wazuh-modulesd:content-updater:actionOrchestrator.hpp:208 runOffsetUpdate : Running 'vulnerability_feed_manager' offset update
wazuh-modulesd:content-updater:factoryOffsetUpdater.hpp:41 create : FactoryOffsetUpdater - Starting process
wazuh-modulesd:content-updater:updateCtiApiOffset.hpp:70 handleRequest : UpdateCtiApiOffset - Starting process
wazuh-modulesd:content-updater:updateCtiApiOffset.hpp:42 update : Updating offset with value: 756338
wazuh-modulesd:content-updater:action.hpp:221 runAction : Action for 'vulnerability_feed_manager' finished
wazuh-modulesd:vulnerability-scanner:databaseFeedManager.hpp:349 operator() : Feed update process completed
wazuh-modulesd:content-updater:onDemandManager.cpp:169 stopServer : Server stopped
wazuh-modulesd:content-updater:action.hpp:138 stopActionScheduler : Scheduler stopped for 'vulnerability_feed_manager'
Error removing FD from interface.
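
Added example (not part of the comment above and not Wazuh's scanner code): a minimal evaluation of the RedHat 9 candidate against an installed RPM version, showing why 8.7p1-34.el9 matches and the fixed build does not. It assumes each range is read as version <= installed < lessThan, uses a simplified RPM comparison (no tilde or caret handling), and the names split_evr, seg_cmp, evr_cmp and is_vulnerable are hypothetical.

```python
import json
import re

# Constructed sample: the RedHat 9 candidate shown in the issue, platform list trimmed.
CANDIDATE_JSON = """
{"candidates": [{"cveId": "CVE-2024-6387", "defaultStatus": "unaffected",
  "platforms": ["cpe:/o:redhat:enterprise_linux:9"],
  "versions": [{"version": "0", "lessThan": "0:8.7p1-38.el9_4.1",
                "versionType": "rpm"}]}]}
"""

def split_evr(evr):
    """Split '[epoch:]version[-release]'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def seg_cmp(a, b):
    """Simplified rpmvercmp: compare digit runs and letter runs left to right."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats a letter run
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare epoch first, then version, then release; returns -1, 0 or 1."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return seg_cmp(va, vb) or seg_cmp(ra, rb)

def is_vulnerable(installed, candidate):
    """True if installed falls inside any rpm range of the candidate."""
    return any(
        evr_cmp(installed, r["version"]) >= 0
        and evr_cmp(installed, r["lessThan"]) < 0
        for r in candidate["versions"] if r["versionType"] == "rpm"
    )

CANDIDATE = json.loads(CANDIDATE_JSON)["candidates"][0]

if __name__ == "__main__":
    for v in ("8.7p1-34.el9", "8.7p1-38.el9_4.1"):
        print(v, "vulnerable" if is_vulnerable(v, CANDIDATE) else "not vulnerable")
```

The Ubuntu and ArchLinux candidates use versionType "custom" and need their own distribution's version ordering, so this block deliberately skips them.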
Description
Given the impact that CVE-2024-6387 has on the community, it is necessary to confirm that it is within the vulnerability detection capabilities of detector 4.8.
This must be done on all tier 1 platforms.
DoD