Critical vulnerability in openssh "regreSSHion"
- Thread starter aniglo22
- Start date
- Status
Also a reminder to not expose SSH to the world but only to a jump server. Workaround is available by setting LoginGraceTime to 0 in /etc/ssh/sshd_config.
This is a 2nd significant and sofisticated OpenSSH vulnerability after CVE-2024-3094. These vulnerabilities do not exist in ssh from www.ssh.com 🙄 Questions about open source reliability should be asked.
This particular is actualy an unforeseen consequence of a patch for CVE-2006-5051 hence it affects mainly OpenSSH versions on x86 - 32 bit hw platforms. Theoretical risk exist for x86-64 ones.
Generaly, a proper mitigation that we use always and not only for︂ this vulnerability 😉 But for this types of attacks, a key is to have a firewall︃ with rate limiter - intermediate server is quality solution with added value and multi-factor authentication.︄
This particular is actualy an unforeseen consequence of a patch for CVE-2006-5051 hence it affects mainly OpenSSH versions on x86 - 32 bit hw platforms. Theoretical risk exist for x86-64 ones.
Generaly, a proper mitigation that we use always and not only for︂ this vulnerability 😉 But for this types of attacks, a key is to have a firewall︃ with rate limiter - intermediate server is quality solution with added value and multi-factor authentication.︄
- Status