Critical Vulnerability in OpenSSH (CVE-2024-6387)


I would like to bring to your attention that on July 1, 2024, a critical unauthenticated remote code execution (RCE) vulnerability in OpenSSH, dubbed regreSSHion, was reported, affecting glibc-based Linux systems. This vulnerability, identified as CVE-2024-6387, allows remote attackers to execute arbitrary code as root due to a signal handler race condition in sshd.

Technical Details: [2]

The vulnerability allows attackers to execute arbitrary code with the highest privileges, leading to full system takeover. This can result in malware installation, data manipulation, and backdoor creation for persistent access. It enables network propagation, allowing attackers to exploit other vulnerable systems within the organization.

Affected Products: [1]

  • OpenSSH servers on Linux from version 8.5p1 up to, but not including, 9.8p1
  • Versions 4.4p1 up to, but not including, 8.5p1 are not vulnerable to CVE-2024-6387 thanks to a patch for CVE-2006-5051, which secured a previously unsafe function
  • Versions older than 4.4p1 are vulnerable to regreSSHion unless they are patched for CVE-2006-5051 and CVE-2008-4109
  • OpenBSD systems are not impacted by this flaw thanks to a secure mechanism introduced back in 2001
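
For triaging an inventory against the version ranges listed above, the following is an added example, not code from OpenSSH or from any of the referenced bulletins. Host names and banners are constructed, and the status labels are this example's own. A host in the affected range may already carry a distribution backport under the same upstream version number, so that status means "check the package against the distribution bulletin".

```python
import re

# Boundaries from the "Affected Products" list above, as (major, minor).
PATCHED_2006 = (4, 4)   # 4.4p1 carries the CVE-2006-5051 fix
REGRESSED = (8, 5)      # 8.5p1 is the first version affected by CVE-2024-6387
FIXED = (9, 8)          # 9.8p1 is the first version outside the affected range

_VERSION = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def classify(banner, os_family="linux"):
    """Place one SSH identification banner into the ranges listed above."""
    os_family = os_family.lower()
    if os_family == "openbsd":
        return "not-affected"             # OpenBSD is not impacted per the list
    if os_family != "linux":
        return "unknown"                  # the list only covers Linux and OpenBSD
    match = _VERSION.search(banner)
    if match is None:
        return "unknown"                  # not OpenSSH, or version not exposed
    version = (int(match.group(1)), int(match.group(2)))
    if version < PATCHED_2006:
        return "affected-unless-patched"  # needs CVE-2006-5051 and CVE-2008-4109 fixes
    if version < REGRESSED:
        return "not-affected"
    if version < FIXED:
        return "affected-range"           # confirm against the distribution bulletin
    return "not-affected"


def triage(inventory):
    """Group (host, os_family, banner) records by status."""
    groups = {}
    for host, os_family, banner in inventory:
        groups.setdefault(classify(banner, os_family), []).append(host)
    return groups


# Constructed sample inventory; hosts and banners are illustrative only.
SAMPLE = [
    ("web01", "linux", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"),
    ("db01", "linux", "SSH-2.0-OpenSSH_7.4"),
    ("jump01", "linux", "SSH-2.0-OpenSSH_9.8p1"),
    ("legacy01", "linux", "SSH-2.0-OpenSSH_4.3"),
    ("fw01", "openbsd", "SSH-2.0-OpenSSH_9.7"),
    ("iot01", "linux", "SSH-2.0-dropbear_2022.83"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```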

 

Recommendations:

Review and apply the patches from Linux distribution security bulletins, including but not limited to: 

  • Ubuntu [3]
  • Debian [4]
  • RedHat [5]

 

If you have any concerns or need assistance, please send an email to cybersecurity@itsec.hr or, in case of a cybersecurity incident, open a security-related PMI/MI in the ITSec Portal.

 
