Critical OpenSSH vulnerability 'regreSSHion' (CVE-2024-6387) discovered, affects almost all Linux systems



Researchers from the Threat Research Unit (TRU) of security company Qualys have discovered a critical security vulnerability in the OpenSSH server (sshd) on Linux systems that use the GNU C library (glibc). The vulnerability, named 'regreSSHion', allows a remote, unauthenticated attacker to execute arbitrary code as root.

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server | Qualys Security Blog
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regression-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

openssh.com/txt/release-9.8
https://www.openssh.com/txt/release-9.8

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
https://www.computing.co.uk/news/4329906/critical-vulnerability-openssh-uncovered-affects-linux-systems

OpenSSH is a suite of secure network utilities based on the SSH protocol, which uses strong encryption to ensure privacy and secure file transfers, making it an essential tool for remote server administration and secure data communication. Known for its extensive security and authentication features, OpenSSH supports a variety of encryption technologies and is standard on several UNIX-like systems, including macOS and Linux.



regreSSHion, assigned CVE-2024-6387, is a vulnerability in the OpenSSH server (sshd), together with a working exploit for it. The root cause is a race condition in sshd's SIGALRM signal handler: when a client fails to authenticate within LoginGraceTime, the handler runs and calls functions such as syslog() that are not async-signal-safe. If the alarm interrupts sshd at the wrong moment, heap state is corrupted in a way an attacker can exploit.

Successful exploitation lets an attacker execute arbitrary code with the highest privileges, which amounts to complete system takeover: installing malware, manipulating data and creating backdoors.

Root access also lets the attacker bypass firewalls, intrusion detection systems and other controls, further hiding their activity, and gives them access to all data stored on the system, so a major data breach can follow.



According to Qualys, CVE-2024-6387 is a regression of CVE-2006-5051, which was fixed in 2006. In other words, a vulnerability that was once fixed has reappeared in a later software release.

Versions affected by CVE-2024-6387 are those before 4.4p1, released in September 2006, and those from 8.5p1, released in March 2021, up to but not including 9.8p1. Versions 4.4p1 through 8.4p1 are not affected: the 2006 fix was a preprocessor guard around the unsafe code, and that guard was accidentally removed in 8.5p1. Qualys found that about 700,000 internet-facing instances in its own customer data, 31% of all internet-facing OpenSSH instances there, are vulnerable, and searches on Shodan and Censys turned up more than 14 million potentially vulnerable OpenSSH servers exposed to the internet. OpenBSD is not affected, because its signal handler calls syslog_r(), an async-signal-safe variant of syslog() that OpenBSD introduced in 2001.

Qualys demonstrated exploitation on 32-bit Linux/glibc systems with address space layout randomization enabled. Under lab conditions, winning the race took on average 6 to 8 hours of continuous connections, up to the maximum the server will accept. The OpenSSH 9.8 release notes add that exploitation on 64-bit systems is believed to be possible but had not been demonstrated at the time of disclosure. Because CVE-2024-6387 is a race condition in a signal handler, many attempts are needed before code actually executes, which Qualys says makes it difficult to exploit.



The OpenSSH project has released version 9.8p1, which fixes the vulnerability. If you cannot update or recompile OpenSSH, Qualys says you can mitigate the threat by setting 'LoginGraceTime' to 0 in the sshd configuration file, which stops the timeout alarm from ever firing. The trade-off, which Qualys also notes, is that sshd is then exposed to denial of service: unauthenticated clients can hold connection slots open until MaxStartups is exhausted.
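As an added example for the version ranges and the LoginGraceTime mitigation above (not code from Qualys or the OpenSSH project), the POSIX shell helpers below classify an OpenSSH version string against the affected ranges and read the effective LoginGraceTime from `sshd -T` output. The function names and all sample version strings and configuration lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from Qualys or the OpenSSH project): classify an OpenSSH
# version string against the CVE-2024-6387 ranges and read LoginGraceTime from
# the effective sshd configuration.  All sample inputs are constructed.

# openssh_release_affected VERSION
#   VERSION may be "9.7p1", "OpenSSH_9.7p1 Ubuntu-3ubuntu13" (ssh -V output),
#   or a server banner such as "SSH-2.0-OpenSSH_9.6p1".  Returns 0 (true) when
#   the version falls in an affected range: before 4.4p1, or 8.5p1 up to but
#   not including 9.8p1.  Returns 1 for 4.4p1 .. 8.4p1 and for 9.8p1 and later.
#   A version without a "pN" portable suffix is an OpenBSD-native build, which
#   is not affected, so it also returns 1.
#   Caveat: distributions backport fixes without changing the version string,
#   so "affected" here means "check the vendor advisory", not "confirmed
#   vulnerable".
openssh_release_affected() {
    v=$1
    v=${v#SSH-2.0-}          # strip protocol banner prefix, if any
    v=${v#OpenSSH_}          # strip "OpenSSH_" prefix, if any
    v=${v%%[ ,]*}            # drop vendor string / OpenSSL info after the version
    major=${v%%.*}
    rest=${v#*.}
    case $rest in
        *p*) ;;
        *)   return 1 ;;     # no portable patch level: OpenBSD-native sshd
    esac
    minor=${rest%%p*}
    patch=${rest#*p}
    # Encode as major*10000 + minor*100 + patch so ranges compare numerically.
    num=$((major * 10000 + minor * 100 + patch))
    if [ "$num" -lt 40401 ]; then
        return 0             # older than 4.4p1: the original CVE-2006-5051
    fi
    if [ "$num" -ge 80501 ] && [ "$num" -lt 90801 ]; then
        return 0             # 8.5p1 .. 9.7p1: the regression
    fi
    return 1
}

# logingracetime_from_config
#   Reads "sshd -T"-style output ("keyword value" per line) on stdin and prints
#   the effective LoginGraceTime in seconds.  Qualys's stopgap is the value 0,
#   which disables the alarm whose handler contains the bug, at the cost of
#   letting unauthenticated clients hold connection slots until MaxStartups is
#   exhausted (denial of service).
logingracetime_from_config() {
    while read -r keyword value _rest; do
        case $keyword in
            [Ll]ogin[Gg]race[Tt]ime) echo "$value"; return 0 ;;
        esac
    done
    return 1
}

# check_local_openssh
#   Puts the two helpers together for the local host: "ssh -V" prints the
#   version banner on stderr, and "sshd -T" (run as root) prints the effective
#   server configuration.
check_local_openssh() {
    banner=$(ssh -V 2>&1 | head -n 1)
    if openssh_release_affected "$banner"; then
        echo "$banner: version in an affected range; confirm against your vendor's advisory"
    else
        echo "$banner: version not in an affected range"
    fi
    grace=$(sshd -T 2>/dev/null | logingracetime_from_config || true)
    case $grace in
        '')  echo "could not read sshd -T (run as root?)" ;;
        0)   echo "LoginGraceTime 0: alarm disabled (mitigated, but DoS-prone)" ;;
        *)   echo "LoginGraceTime $grace: unpatched hosts remain exposed" ;;
    esac
}

# Only touch the real ssh/sshd when explicitly asked: sh regresshion-check.sh --local
if [ "${1:-}" = "--local" ]; then
    check_local_openssh
fi
```

Run it with `--local` as root on the host you want to check; for a remote host, feed the banner from the first line the server sends on port 22 (for example via `nc host 22 </dev/null | head -n 1`) to `openssh_release_affected`. Treat a hit as a prompt to read the vendor advisory, since Debian, Red Hat and others ship the fix under the original version number.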

To protect against serious threats, Qualys recommended that organizations 'promptly apply OpenSSH patches,' 'minimize the risk of attack by restricting SSH through network-based controls,' and 'implement systems that monitor and alert for anomalous exploitation activity.'


in Software,   Security, Posted by log1i_yk