What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

News 'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

D

DJones

Very Senior Member
CVE-2024-6387

www.computing.co.uk

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems

Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.
www.computing.co.uk www.computing.co.uk

vulcan.io

Comprehensive Cybersecurity and Exposure Management | Tenable®

Tenable helps you find, prioritize & fix cyber risk, in the cloud and on-prem, using robust security, vulnerability management, and compliance tools.
vulcan.io vulcan.io

“The new vulnerability, assigned CVE-2024-6387, allows for unauthenticated remote code execution (RCE) with root privileges, posing a severe threat to affected systems.

An attacker could potentially gain complete control of the affected system, executing arbitrary code with root privileges. This could allow the installation of malware, the creation of backdoors and the exfiltration or manipulation of data. In addition, gaining root privileges could allow the intruder to disable or bypass critical security systems in order to maintain a permanent presence.”

“Customers are advised to upgrade to OpenSSH 9.8 or later to remediate this vulnerability.”
 

Mitigating CVE-2024-6387​

  • Patch Systems: OpenSSH released version 9.8 on July 1, 2024, addressing this vulnerability. Ensure all systems are updated.
  • Network Controls: Implement firewalls and intrusion detection/prevention systems to monitor and control SSH traffic, mitigating the risk of prolonged connections.
If you are unable to take these actions, this signal handler
race condition can be fixed by simply setting LoginGraceTime to 0 in the configuration file. This makes sshd vulnerable to a denial of service
(the exhaustion of all MaxStartups connections), but it makes it safe
from the remote code execution presented in this advisory.

Furthermore, in an advisory OpenSSH stated that “Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept

hadrian.io

What you need to know: OpenSSH RegreSSHion CVE-2024-6387

OpenSSH vulnerability CVE-2024-6387 poses a critical risk, allowing remote code execution on Linux systems. Patch and protect your organization now.
hadrian.io hadrian.io
Click to expand...
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
D News CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability General Network Security 7
D News TikTag unfixable Arm vulnerability General Network Security 11
D News Windows Wi-Fi Driver Remote Code Execution Vulnerability CVE-2024-30078 General Network Security 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 677 (members: 25, guests: 652)
Back
Top