
Critical vulnerability in OpenSSH "regreSSHion"

This is a 2nd significant and sophisticated OpenSSH vulnerability after CVE-2024-3094. These vulnerabilities do not exist in ssh from www.ssh.com :rolleyes: Questions about open source reliability should be asked.

CVE-2024-6387
Check your servers!!
  • Affected Versions: OpenSSH 8.5p1 to 9.8p1.
  • Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.

This particular one is actually an unforeseen consequence of a patch for CVE-2006-5051, hence it mainly affects OpenSSH versions on x86 32-bit hardware platforms. A theoretical risk exists for x86-64 ones.

Also a reminder to not expose SSH to the world but only to a jump server. A workaround is available by setting LoginGraceTime to 0 in /etc/ssh/sshd_config.

Generally, a proper mitigation that we always use, and not only for this vulnerability ;) But for these types of attacks, the key is to have a firewall with a rate limiter - an intermediate server is a quality solution with added value and multi-factor authentication.
 
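A way to run the "check your servers" step from the post above, as an added example that is not part of the original post: it classifies an OpenSSH version string against the quoted range and reads the LoginGraceTime workaround from a config file. Function names and verdict words are hypothetical. Assumptions: 9.8p1 itself is treated as the fixed release, `ssh -V` reports the same build as the installed sshd, and `Include`/`Match` directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): triage helpers for CVE-2024-6387.

# "OpenSSH_9.6p1, OpenSSL 3.0.13" -> "9 6"; prints nothing if unparsable.
ssh_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Exit 0: inside the range quoted in the post (8.5p1 up to 9.8p1, with
# 9.8p1 assumed fixed). Exit 1: outside it. Exit 2: version not parsable.
in_affected_range() {
    set -- $(ssh_major_minor "$1")
    [ $# -eq 2 ] || return 2
    n=$(( $1 * 100 + $2 ))
    [ "$n" -ge 805 ] && [ "$n" -lt 908 ]
}

# Print LoginGraceTime from an sshd_config-style file. sshd keeps the
# first value it reads for a keyword, keywords are case-insensitive,
# and the default when unset is 120 seconds.
login_grace_time() {
    awk 'tolower($1) == "logingracetime" { print $2; found = 1; exit }
         END { if (!found) print 120 }' "$1"
}

# assess VERSION_STRING CONFIG_FILE -> prints one verdict word.
assess() {
    rc=0
    in_affected_range "$1" || rc=$?
    case $rc in
        1) echo "not-in-range"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    if [ "$(login_grace_time "$2")" = "0" ]; then
        echo "in-range-workaround-set"
    else
        echo "in-range-no-workaround"
    fi
}

# Live check on a host you administer: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    assess "$(ssh -V 2>&1)" /etc/ssh/sshd_config
fi
```

A version string does not show fixes a distribution has backported, so an in-range verdict means "confirm against the vendor's advisory", not "confirmed vulnerable".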