This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kim_Moberg
Advisor
Monday

Is Check Point Gaia vulnerable towards this new cve-2024-6387 in OpenSSH?

Hi

Is Check Point Gaia vulnerable towards this new CVE-2024-6387 in OpenSSH?

Any plans to mitigate this CVE?

Reference

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (thehackernews.com)

qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=upstract.com

Thanks

 

Best Regards
Kim
(1)
11 Replies
Bob_Zimmerman
Authority
Authority
Monday

R81.20 jumbo 65 ships with OpenSSH_7.8p1, which is before the regression was introduced in 8.5p1. I haven't checked an R82 system yet.

0 Kudos
PhoneBoy
Admin
Admin
Monday
In response to Bob_Zimmerman

The R82 EA also ships with the same OpenSSH version as R81.20 (7.8p1).
Even where we shipped an older version of OpenSSH that was subject to CVE-2006-5051 (the original bug that regressed as CVE-2024-6387), we included the fix for this: https://support.checkpoint.com/results/sk/sk61744

Will have to double check Gaia Embedded.

Bob_Zimmerman
Authority
Authority
Monday
In response to PhoneBoy

That brings up an interesting question. Does Gaia Embedded use glibc or musl? The vulnerability only applies to OpenSSH versions 8.5p1 and up linked against glibc, and that's not especially common in embedded systems.

0 Kudos
PhoneBoy
Admin
Admin
Monday
In response to Bob_Zimmerman

Offhand, I don't know if we use glibc or musl.
Prior to R80.20.60, we were using Dropbear, so this should not impact older SMB appliances.
As of R81.10.10, we use OpenSSH 8.5p1.

In any case, I've raised the issue with the SMB team and will report back.

spottex
Collaborator
Monday
In response to PhoneBoy

Will wait for your next reply.

While i'm waitng I found some commands to poke around:

ldd -r -v /bin/ssh : shows gblic libraries
rpm -q --changelog $(rpm -qa | grep openssh) | grep CVE-2006-5051 : shows CVE-2006-5051 is still included in change logs

https://support.checkpoint.com/results/sk/sk65269

Johan_Thelmen
Explorer
4 hours ago
In response to spottex

Hi, I see this new sk182459 CVE-2024-6387 - OpenSSH Library RCE, Sparc is not mentioned here yet. https://support.checkpoint.com/results/sk/sk182459

 

0 Kudos
a574591
Participant
7 hours ago
In response to PhoneBoy

Will this CVE be included in the sk65269?

Status of OpenSSH CVEs (checkpoint.com)

0 Kudos
Chris_Atkinson
Employee Employee
Employee
5 hours ago
In response to a574591

Yes that is a logical expectation I would say and has since been actioned.

Moreover regarding general mitigations, IPS protection "Multiple SSH Initial Connection Requests" appears to have been updated.

 

CCSM R77/R80/ELITE
0 Kudos
Kim_Moberg
Advisor
yesterday
In response to Bob_Zimmerman

Also interested in hearing about R81.10 Take 130 and above. 

Maybe as @spottex mention I can check our installation specified in the SK65269 - https://support.checkpoint.com/results/sk/sk65269

Best Regards
Kim
0 Kudos
Bob_Zimmerman
Authority
Authority
yesterday
In response to Kim_Moberg

My oldest firewall still currently running is R80.40 jumbo 139. My newest is R81.20 jumbo 65. Both have OpenSSH 7.8p1, so I'd say it's reasonable to assume all the versions between them do, too.

0 Kudos
genisis__
Leader Leader
Leader
7 hours ago
In response to Bob_Zimmerman

I've noted in R81 with JHFA44 this also has OpenSSH_7.8p1. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events