Critical vulnerability in OpenSSH "regreSSHion"

Status
Not open for further replies.

aniglo22

🗣️ Loud Newcomer
May 28, 2025
CVE-2024-6387
Check your servers!!
  • Affected Versions: OpenSSH 8.5p1 to 9.8p1.
  • Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.
 
Also a reminder to not expose SSH to the world but only to a jump server. Workaround is available by setting LoginGraceTime to 0 in /etc/ssh/sshd_config.
 
https://xkcd.com/2347/
 
This is a 2nd significant and sophisticated OpenSSH vulnerability after CVE-2024-3094. These vulnerabilities do not exist in ssh from www.ssh.com 🙄 Questions about open source reliability should be asked.

aniglo22 said:
CVE-2024-6387
Check your servers !!
  • Affected Versions: OpenSSH 8.5p1 to 9.8p1.
  • Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.

This particular one is actually an unforeseen consequence of a patch for CVE-2006-5051, hence it affects mainly OpenSSH versions on x86 32-bit hw platforms. A theoretical risk exists for x86-64 ones.

0xDEADBEEF said:
Also a reminder to not expose SSH to the world but only to a jump server. Workaround is available by setting LoginGraceTime to 0 in /etc/ssh/sshd_config.

Generally, a proper mitigation that we always use, and not only for this vulnerability 😉 But for these types of attacks, the key is to have a firewall with a rate limiter - an intermediate server is a quality solution with added value and multi-factor authentication.

Last edited: Jul 3, 2024
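
The "check your servers" step and the LoginGraceTime workaround from the thread, as an added example that is not code from any of the posts: it classifies a host from its SSH banner and sshd_config text. Function names, status strings and the sample input are assumptions; the version range is the one the first post gives, and distribution packages may carry backported fixes that the banner does not show.

```python
import re

# Range as given in the first post (OpenSSH 8.5p1 to 9.8p1); adjust to your vendor's advisory.
AFFECTED = ((8, 5), (9, 8))
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_version(banner):
    """(major, minor) from e.g. 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13', else None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_time(value):
    """sshd_config time format ('120', '2m', '1h30m') to seconds, else None."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        return None
    return sum(int(n) * UNITS[u] for n, u in parts)

def login_grace_time(config_text):
    """Global LoginGraceTime in seconds; None if unset or unparsable.

    sshd uses the first value it reads for a keyword, so the first match wins.
    Parsing stops at the first Match block; Include files are not followed.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        key = fields[0].lower()
        if key == "match":
            break
        if key == "logingracetime" and len(fields) == 2:
            return parse_time(fields[1].strip().strip('"'))
    return None

def assess(banner, config_text):
    version = parse_version(banner)
    if version is None:
        return "unknown-version"
    if not (AFFECTED[0] <= version <= AFFECTED[1]):
        return "outside-stated-range"
    # 0 means no time limit, so the login-grace alarm (SIGALRM) is never armed.
    if login_grace_time(config_text) == 0:
        return "in-range-workaround-set"
    return "in-range-workaround-missing"

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"
SAMPLE_CONFIG = "# hardening\nPermitRootLogin no\nLoginGraceTime 0\nLoginGraceTime 2m\n"
```

On a live host, the output of `sshd -T` can be passed as `config_text`, since it prints the effective configuration with Include files already resolved.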
 
