CVE-2024-6387, also known as "RegreSSHion," is a critical vulnerability discovered in OpenSSH versions 8.5p1 to 9.7p1. It was publicly disclosed on July 1 2024. This vulnerability involves a signal handler race condition in the sshd (OpenSSH server). When an attacker fails to authenticate within the default LoginGraceTime of 120 seconds, the SIGALRM handler is triggered asynchronously. This flaw allows an unauthenticated attacker to potentially execute arbitrary code with root privileges, posing a severe security risk.
SFTP To Go services and our customers are not affected by the issues caused by CVE-2024-6387 and no action is required.