A newly identified bug in OpenSSH’s server (sshd) poses a severe threat to Glibc-based Linux systems, with infosec researchers at Qualys warning that around 700,000 of the 14 million potentially vulnerable sshd instances could be exploited.
Dubbed regreSSHion (CVE-2024-6387), this vulnerability is a race condition that allows unauthenticated remote code execution (RCE) and full system takeovers.
OpenSSH is widely used for secure network communication, and the vulnerability traces back to a regression of a flaw initially patched in 2006 (CVE-2006-5051), reintroduced in October 2020 with OpenSSH version 8.5p1. The bug can be exploited if a client doesn’t authenticate within the LoginGraceTime (default 120 seconds), causing the server’s SIGALRM handler to call functions that aren’t async-signal-safe, leading to potential arbitrary code execution and root access.
“New unauthenticated OpenSSH RCE vulnerability ‘regreSSHion’ on glibc-based Linux systems grants root access. Stay vigilant! #CyberSecurity #OpenSSH #RCE
Link: https://t.co/xhRgV86dfg”
— The Daily Decrypt Podcast – Cyber Security News (@DailyDecryptPod) July 1, 2024
Qualys’s analysis shows that exploiting this vulnerability is challenging due to its remote race condition nature and the need to overcome Address Space Layout Randomization (ASLR). Their lab tests indicated it could take between six to eight hours to achieve a successful exploit under optimal conditions.
The vulnerability affects OpenSSH versions earlier than 4.4p1 (unless patched for CVE-2006-5051 and CVE-2008-4109) and versions from 8.5p1 up to but not including 9.8p1. OpenBSD systems are unaffected due to a security mechanism implemented in 2001.
https://t.co/J7l9FkSAey – “New OpenSSH vulnerability ‘regreSSHion’ allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. Mitigate with latest update and network controls. Over 14M internet-exposed servers at risk. #Xynik #CyberSecurity #V…
— Xynik (@XynikIT) July 1, 2024
To mitigate this risk, users are advised to apply the latest patches, limit SSH access through network-based controls, segment networks, and employ monitoring systems that alert administrators of exploit attempts.
Despite the regreSSHion bug, Qualys praised the OpenSSH project for its defense-in-depth design and near-flawless implementation.
Start Growing with Cloudways Today.
Our Clients Love us because we never compromise on these
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.
