A new vulnerability has been discovered which allows remote attackers to gain root privileges on #Linux servers.
We investigate how easy it is for CVE-2024-6387 to be exploited – and look at how to defend against it.
Full story ⇒ https://t.co/haDxi8IhBL pic.twitter.com/lRO79tHwf5
— Kaspersky (@kaspersky) July 3, 2024
Researchers at the Qualys Threat Research Unit have discovered a critical security flaw in OpenSSH’s server on glibc-based Linux systems. The vulnerability, named “regreSSHion,” is a re-emergence of a bug that was previously patched in 2006. According to Qualys, more than 14 million internet-facing servers are vulnerable.
🚒 This week started with an RCE in OpenSSH 🔥
CVE-2024-6387 affects OpenSSH versions from 8.5p1 to 9.7p1 and is a regression of an old flaw, CVE-2006-5051. An unauthenticated attacker can gain root access on glibc-based Linux systems, but they need to trigger a race condition… pic.twitter.com/tvRuui65J5
— Kaspersky (@kaspersky) July 1, 2024
The flaw could allow attackers to gain unauthorized access to affected systems, putting a large number of Linux environments at risk. “We urge all users to apply the necessary patches as soon as possible,” said a spokesperson from Qualys. “The implications of leaving this vulnerability unaddressed could be severe.”
If you run your own Linux server it is time to do a system update:
A remote execution vulnerability in OpenSSH hits millions of Linux systems.
Update now and stay safe out there! https://t.co/g1V58T4drW
— Nextcloud 📱☁️💻 (@Nextclouders) July 3, 2024
The vulnerability exploits weaknesses in two key components of the OpenSSH server, though detailed technical specifics were not disclosed to prevent further exploitation.
We are reporting out OpenSSH servers potentially vulnerable to CVE-2024-6387 RCE (“regreSSHion”): https://t.co/lFQfMrnGz1
~4.5M hosts possibly vulnerable 2024-07-02 (out of over 23.5M seen) https://t.co/DCwlZiQLwc
Details: https://t.co/bajl4WIJTy
NVD: https://t.co/3T1S0EMfRX pic.twitter.com/XqrzlzPaSE
— The Shadowserver Foundation (@Shadowserver) July 3, 2024
The discovery comes shortly after another exposure affecting OpenSSH was patched last October, highlighting ongoing security challenges within this domain. Security researchers continue to work to identify and patch such flaws to maintain the integrity of open-source software. Qualys recommends that users implement the patches available for their respective Linux distributions without delay.
The threat posed by “regreSSHion” is significant, and swift action is essential to safeguard systems against potential attacks. For more detailed information on how to update your systems and protect against this vulnerability, consult the security advisories published by your Linux distribution’s security team. The vulnerability affects the following OpenSSH versions:
Versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Critical update for OpenSSH security
Versions from 4.4p1 up to, but not including, 8.5p1, are not vulnerable due to a patch for CVE-2006-5051, which made a previously unsafe function secure. The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
Anyone running a vulnerable version should update as soon as practicable. A patch is now available. Many, but not all, Linux distributions have made it available.
If you can get it, install it as soon as possible. If you can’t install a patch for some reason, consider protecting yourself against the regreSSHion vulnerability by setting `LoginGraceTime` to 0 in the `sshd_config` file. This setting is not a perfect solution; while it will prevent exploits, it exposes your systems to potential denial-of-service attacks.
Make sure to restrict SSH access to your server using network-based controls to limit potential attack vectors. Configure your firewall to detect and block the large number of connections needed to exploit this vulnerability. Keep an eye out for the OpenSSH patches.
When they do become available, apply them as soon as possible. You can significantly reduce your exposure to the regreSSHion security hole by implementing these measures.
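An added example, not from the article or the OpenSSH project: a Python triage helper that maps a version string to the ranges listed above and checks whether the `LoginGraceTime 0` workaround is in effect. The function names and sample inputs are constructed for illustration, and it assumes the effective configuration is supplied as the output of `sshd -T`.

```python
import re

# Range boundaries (major, minor) taken from the article text above.
OLD_FIX = (4, 4)     # 4.4p1: carries the CVE-2006-5051 patch
REGRESSED = (8, 5)   # 8.5p1: race condition reintroduced
FIXED = (9, 8)       # 9.8p1: first release outside the affected range


def classify(version_text):
    """Map an OpenSSH version string (e.g. an SSH banner) to the article's ranges."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", version_text)
    if not m:
        return "unknown"
    v = (int(m.group(1)), int(m.group(2)))
    if v >= FIXED:
        return "fixed"
    if v >= REGRESSED:
        # Distro packages may backport the fix without changing this number,
        # so confirm against the distribution's security advisory.
        return "affected"
    if v >= OLD_FIX:
        return "not-affected"
    # Safe only if patched for CVE-2006-5051 and CVE-2008-4109.
    return "affected-unless-patched"


def grace_time_mitigated(sshd_t_output):
    """True if the effective config (`sshd -T` output) sets LoginGraceTime to 0."""
    for line in sshd_t_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].lower() == "logingracetime":
            return fields[1] == "0"
    return False


def assess(version_text, sshd_t_output):
    """Return (range status, whether the LoginGraceTime workaround is active)."""
    return classify(version_text), grace_time_mitigated(sshd_t_output)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    banner = "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"
    config = "port 22\nlogingracetime 120\nmaxstartups 10:30:100\n"
    status, mitigated = assess(banner, config)
    print(f"{banner}: {status}, LoginGraceTime=0 workaround: {mitigated}")
    # With the workaround set, remember the article's caveat: it trades the
    # exploit path for exposure to denial of service.
    print(assess(banner, "logingracetime 0\n"))
```

An "affected" result is a prompt to check the installed package against the distribution's advisory, not proof that the host is unpatched.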