OpenSSH “regreSSHion” RCE with root privileges (CVE-2024-6387). The vulnerability was discovered by Qualys. An unauthenticated remote attacker can execute arbitrary code as root. It sounds creepy. 😱🙂
This vulnerability is a regression of CVE-2006-5051. By the way, there are no signs of exploitation in the wild or exploits for it.
🔻 The regression happened in October 2020, starting with OpenSSH version 8.5p1
🔻 “glibc-based Linux systems” in default configuration are vulnerable, OpenBSD is not vulnerable
🔻 There are 14 million potentially vulnerable hosts on the Internet
🔻 Qualys promises not to publish the exploit, but third-party researchers can write one based on the detailed write-up
Vulnerable versions:
❌ OpenSSH < 4.4p1
❌ 8.5p1 <= OpenSSH < 9.8p1
Invulnerable versions:
✅ 4.4p1 <= OpenSSH < 8.5p1
✅ OpenSSH >= 9.8p1
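The version ranges above, turned into a triage check over SSH banners or `ssh -V` output. This is an added example, not code from Qualys or OpenSSH; the function names and the sample inventory are constructed for illustration, and it assumes the version string reflects the upstream release.

```python
import re

# Version token as it appears in an SSH banner or `ssh -V` output,
# e.g. "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6" or "OpenSSH_6.6.1p1, OpenSSL ...".
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")

def parse_openssh_version(text):
    """Return (major, minor), or None when no OpenSSH version is present."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(text):
    """Apply the ranges from the post: < 4.4p1 and 8.5p1 <= v < 9.8p1 are vulnerable."""
    v = parse_openssh_version(text)
    if v is None:
        return "unknown"  # not OpenSSH, or the banner is hidden or rewritten
    if v < (4, 4) or (8, 5) <= v < (9, 8):
        # Caveat: distro packages can carry a backported fix under an unchanged
        # upstream version, so confirm against the vendor advisory before
        # treating this as a confirmed finding.
        return "vulnerable"
    return "not vulnerable"

def triage(inventory):
    """Map host -> verdict for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "host-a": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    "host-b": "SSH-2.0-OpenSSH_9.8p1",
    "host-c": "SSH-2.0-OpenSSH_7.4",
    "host-d": "SSH-2.0-OpenSSH_4.3p2",
    "host-e": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

The check looks only at the version number, so it does not tell glibc-based Linux apart from OpenBSD, which the post lists as not vulnerable.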
Upd. Attacking a 32-bit system with ASLR in laboratory conditions took 6-8 hours. Apparently the process is not so easy. 😉
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
I also invite all Russian speakers to another Telegram channel, @avleonovrus; that is where I now post first.