Menu
What's new
By:
Filters Better Search

News 'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

DJones

Very Senior Member
CVE-2024-6387

www.computing.co.uk

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.
www.computing.co.uk www.computing.co.uk

vulcan.io

CVE-2024-6387: How to fix the regreSSHion vulnerability

CVE-2024-6387, or regreSSHion, allows remote unauthenticated attackers to execute code on OpenSSH servers. Here's what you need to know.
vulcan.io vulcan.io

“The new vulnerability, assigned CVE-2024-6387, allows for unauthenticated remote code execution (RCE) with root privileges, posing a severe threat to affected systems.

An attacker could potentially gain complete control of the affected system, executing arbitrary code with root privileges. This could allow the installation of malware, the creation of backdoors and the exfiltration or manipulation of data. In addition, gaining root privileges could allow the intruder to disable or bypass critical security systems in order to maintain a permanent presence.”

“Customers are advised to upgrade to OpenSSH 9.8 or later to remediate this vulnerability.”
 

Mitigating CVE-2024-6387​

  • Patch Systems: OpenSSH released version 9.8 on July 1, 2024, addressing this vulnerability. Ensure all systems are updated.
  • Network Controls: Implement firewalls and intrusion detection/prevention systems to monitor and control SSH traffic, mitigating the risk of prolonged connections.
If you are unable to take these actions, this signal handler
race condition can be fixed by simply setting LoginGraceTime to 0 in the configuration file. This makes sshd vulnerable to a denial of service
(the exhaustion of all MaxStartups connections), but it makes it safe
from the remote code execution presented in this advisory.

Furthermore, in an advisory OpenSSH stated that “Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept

hadrian.io

What you need to know: OpenSSH RegreSSHion CVE-2024-6387

OpenSSH vulnerability CVE-2024-6387 poses a critical risk, allowing remote code execution on Linux systems. Patch and protect your organization now.
hadrian.io hadrian.io
Click to expand...
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
D News [Ars] Critical takeover vulnerabilities in EOL'd D-Link NASes are being exploited General Network Security 2
D News Windows Wi-Fi Driver Remote Code Execution Vulnerability CVE-2024-30078 General Network Security 2
D News New 28 year old Php/gnu c buffer overflow vulnerability. General Network Security 4
XIII CVE-2024-31497: PuTTY vulnerability vuln-p521-bias General Network Security 3
C TP-Link Archer High Vulnerability General Network Security 27

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 805 (members: 27, guests: 778)
Top