
'RegreSSHion' Vulnerability in OpenSSH Potentially Puts 700K Linux Boxes at Risk

The vulnerability, a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems. It affects sshd in its default configuration.

  • The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387.
"We have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base," writes Qualys.
  • If exploited, the vulnerability allows attackers to fully compromise a system. They can execute arbitrary code with the highest privileges, leading to complete system control, malware installation, data manipulation, and creation of backdoors for persistent access. It also enables network propagation, letting attackers use the compromised system to exploit other vulnerable systems within the organization.
  • "Bitcoiners running lightning nodes with a remote ssh access, you want to patch ASAP. So far the exploit is not trivial, but the risk is huge," said developer Antoine Poinsot on X.
1: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
2: https://www.openssh.com/releasenotes.html
3: https://www.wiz.io/blog/cve-2024-6387-critical-rce-openssh
4: https://github.com/zgzhang/cve-2024-6387-poc
Source: @Wietze

Affected OpenSSH versions

The vulnerability impacts the following OpenSSH server versions:

  • OpenSSH versions between 8.5p1 and 9.8p1
  • OpenSSH versions earlier than 4.4p1, unless they have been backport-patched against CVE-2006-5051 or patched against CVE-2008-4109

The SSH features in PAN-OS are not affected by CVE-2024-6387.
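As an added example (not from the article, Qualys or OpenSSH), a check against the version ranges listed above: it parses the version field of an sshd banner or `ssh -V` output and reports whether the upstream release falls in an affected range. The banner strings are constructed, and the verdict is only about the upstream version, because Debian and Ubuntu shipped the fix as a package backport under an older upstream version number.

```python
import re
from typing import Optional, Tuple

# Version field of an SSH identification string or `ssh -V` output,
# e.g. "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4" or "OpenSSH_4.3".
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Upstream ranges from the article: 8.5p1 up to the 9.8p1 release that
# fixed the regression, and anything older than 4.4p1 (the CVE-2006-5051 fix).
VULN_RANGE_START = (8, 5, 1)
FIXED_VERSION = (9, 8, 1)
OLD_FIXED_VERSION = (4, 4, 1)

def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from an OpenSSH banner, or None if the
    string is not OpenSSH. A missing pN suffix is treated as p0."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def upstream_affected(banner: str) -> Optional[bool]:
    """True if the upstream version is in an affected range, False if not,
    None if no OpenSSH version could be parsed."""
    v = parse_openssh_version(banner)
    if v is None:
        return None
    if v < OLD_FIXED_VERSION:
        return True
    return VULN_RANGE_START <= v < FIXED_VERSION

def classify(banner: str) -> str:
    """Verdict for an operator. The wording of the 'affected' case is
    deliberate: Debian and Ubuntu backported the fix without bumping the
    upstream version, so a version in range means 'check the distro
    security tracker', not 'exploitable'."""
    result = upstream_affected(banner)
    if result is None:
        return "unknown: no OpenSSH version in banner"
    if not result:
        return "not affected upstream"
    return "upstream version in affected range: verify the distro package is patched"

if __name__ == "__main__":
    # Constructed sample banners, not captured from any real host.
    for b in ["SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4", "SSH-2.0-OpenSSH_9.8p1",
              "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3", "SSH-2.0-OpenSSH_4.3",
              "SSH-2.0-dropbear_2022.83"]:
        print(f"{b:45} -> {classify(b)}")
```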

Mitigation

  • Apply available patches for OpenSSH and prioritize ongoing update processes.
npub14tq8m9g...hy62
A quick summary on regreSSHion https://cert.europa.eu/publications/security-advisories/2024-066/pdf

Most home nodes are not exposed to the public internet, but any cloud server or VPS is at high risk. Log in and check the openssh-server version with:

apt list openssh-server

See the safe versions for Debian (most distros on RPi are Debian based): https://security-tracker.debian.org/tracker/CVE-2024-6387
For Ubuntu (the most used on cloud servers): https://ubuntu.com/security/CVE-2024-6387

On many occasions autoupdate (aka unattended-upgrades) took care of it already, but if not, run manually:

# update the apt store
sudo apt update
# look for openssh-server updating
sudo apt upgrade -y
# restart the ssh service to update the running code
sudo systemctl restart ssh
#regreSSHion #security
Jul 2, 2024, 11:46 AM

npub169jd0rq...5ua8
Normally, your #RaspiBlitz SSH is safe behind a home router NAT, but manual updating is recommended until a new RaspiBlitz release. On the terminal, type:

sudo apt-get update
sudo apt-get upgrade openssh-server

https://x.com/qualys/status/1807693619161133539
Jul 2, 2024, 01:53 PM


Qualys Report / Archive
CVE Summary

Author: EZ