Skip to content

Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.

Notifications You must be signed in to change notification settings

TAM-K592/CVE-2024-6387

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 

Repository files navigation

OpenSSH CVE-2024-6387 Vulnerability Checker This Python script checks if servers are running a vulnerable version of OpenSSH that is susceptible to the CVE-2024-6387 vulnerability. It scans the specified IP addresses or network ranges for the OpenSSH banner and compares it against known vulnerable versions.

🚨🚨Security Alert Notification🚨🚨

Release Date: July 1, 2024

Vulnerability Details

Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.

According to Bharat Jogi, Senior Director of the Qualys Threat Research Unit, the vulnerability is a signal handler race condition affecting glibc-based Linux systems running sshd in its default configuration. This issue, termed "regreSSHion," is a regression of a previously patched vulnerability (CVE-2006-5051), which reappeared in the OpenSSH version 8.5p1 released in October 2020.

Affected Packages

The following versions of OpenSSH are affected by this vulnerability:

  • 8.5p1 to 9.7p1
  • Versions prior to 4.4p1 are also affected unless patched for CVE-2006-5051 and CVE-2008-4109

Note that OpenBSD systems are not affected by this vulnerability due to built-in security mechanisms.

Attack Method

This vulnerability arises from a signal handler race condition, which attackers can exploit in the following ways:

  • If the client does not authenticate within 120 seconds, sshd's SIGALRM handler is called asynchronously in a manner that is not async-signal-safe.
  • Successful exploitation leads to a full system compromise and takeover, allowing the attacker to execute arbitrary code with the highest privileges, bypass security mechanisms, steal data, and maintain persistent access.

Remediation Recommendations

To mitigate this vulnerability, we recommend the following actions:

  1. Update OpenSSH Immediately: Update OpenSSH to the latest version (9.8p1) to fix this vulnerability.
  2. Strengthen SSH Access Controls: Limit SSH access through network-based controls and implement network segmentation to restrict unauthorized access and lateral movement.

References

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

https://thecyberthrone.in/2024/07/01/regresshion-vulnerability-cve-2024-6387/

https://securityaffairs.com/165087/security/openssh-server-critical-flaw.html

https://www.bleepingcomputer.com/news/security/new-regresshion-openssh-rce-bug-gives-root-on-linux-servers/

https://www.theregister.com/2024/07/01/regresshion_openssh/

About

Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages