RegreSSHion: SSH Remote Code Execution Vulnerability

CVE-2024-6387, caused by the regression of a bug fixed in OpenSSH in 2006, allows remote code execution with root access.

Ripple Bora

7/7/2024

A recently discovered remote code execution vulnerability (CVE-2024-6387) in the OpenSSH server poses a significant risk to several organizations that have public-facing OpenSSH servers.

This vulnerability is caused by a race condition in a signal handler and allows unauthenticated remote code execution as root.
It takes several attempts to exploit this vulnerability successfully, but once exploited, it gives the attacker privileged access and the ability to execute arbitrary code, which can lead to full system takeover.

The patch for this was quickly made available by the OpenSSH developers. If you have any OpenSSH servers running, you must expedite the patch process.
In addition, you should limit the number of public-facing SSH servers and restrict access to any that are running using network-based controls. These are good practices that you should always follow.
Also keep a close eye on any unusual activity on SSH servers.
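
One way to watch for the repeated attempts described above, as an added example that is not part of the original post: the signal handler involved runs when sshd's login grace period expires, so repeated attempts show up as many `Timeout before authentication` lines from the same source. The log lines are constructed samples, and the function names and the threshold of 3 are assumptions to tune for your environment.

```python
import re
from collections import Counter

# Constructed sample in the syslog format sshd writes; the addresses are
# documentation ranges, not real indicators.
SAMPLE_LOG = """\
Jul  7 10:00:01 host sshd[1001]: fatal: Timeout before authentication for 203.0.113.5 port 40001
Jul  7 10:00:03 host sshd[1002]: Accepted publickey for admin from 192.0.2.10 port 51000 ssh2
Jul  7 10:02:01 host sshd[1003]: fatal: Timeout before authentication for 203.0.113.5 port 40002
Jul  7 10:03:10 host sshd[1004]: Failed password for invalid user test from 198.51.100.7 port 42000 ssh2
Jul  7 10:04:01 host sshd[1005]: fatal: Timeout before authentication for 203.0.113.5 port 40003
Jul  7 10:05:30 host sshd[1006]: fatal: Timeout before authentication for 198.51.100.7 port 42001
Jul  7 10:06:01 host sshd[1007]: fatal: Timeout before authentication for 203.0.113.5 port 40004
"""

# sshd logs this when a client holds a connection open past the login grace
# period without authenticating. Older releases omit the " port N" suffix.
TIMEOUT_RE = re.compile(
    r"sshd\[\d+\]: fatal: Timeout before authentication for (\S+)(?: port \d+)?"
)


def preauth_timeouts(log_text):
    """Count pre-authentication timeouts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = TIMEOUT_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def suspicious_sources(log_text, threshold=3):
    """Return {address: count} for sources at or above the threshold.

    The default threshold is an assumption; a single timeout is common
    background noise from scanners and dropped connections.
    """
    counts = preauth_timeouts(log_text)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(suspicious_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {n} pre-authentication timeouts")
```

On a live system, pass the contents of the sshd log (or `journalctl -u ssh` output) to `suspicious_sources` and feed the flagged addresses into your network-based controls.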