There are two security vulnerability bulletins regarding OpenSSH, CVE-2006-5051 and CVE-2008-4109. This vulnerability is also called regreSSHion.

• OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.

• Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.

• The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.

Security Analytics version 8.2.8 is NOT vulnerable to either using CVE-2006-5051 or CVE-2008-4109.  SA is running OpenSSH version 8.0p1,

OpenSSH_8.0p1, OpenSSL 1.0.2zd-fips  15 Mar 2022

This is determined by running ssh -v.

The operating system for SA is CentOS 7.6.

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server