AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

regreSSHion vulnerability discovered in OpenSSH

Learn how an old vulnerability returns in a new, threatening form and what steps to take to secure your OpenSSH systems

A flaw in OpenSSH, called regreSSHion and identified as CVE-2024-6387, allows remote attacks. This bug is a regression of an old CVE from 2006. Major Linux distributions have released updates to address the issue.

This pill is also available in Italian language

Recently, security firm Qualys discovered a new flaw in OpenSSH, dubbed regreSSHion, which concerns a race condition within the popular security software. OpenSSH is widely considered one of the most secure software in the world, thanks to its defense-in-depth design and exemplary code. However, the identified vulnerability, CVE-2024-6387, is an anomaly in an otherwise near-perfect implementation. The bug comes into play when a client fails to authenticate within the time specified by the LoginGraceTime option, which has a default value of 120 seconds (599 in older versions of OpenSSH). This triggers the SIGALRM handler in asynchronous mode, creating a potential path for remote attacks and code execution with root privileges.

Return of an old CVE

What makes this vulnerability particularly interesting is that it is a regression of an old CVE dating back to 2006, namely CVE-2006-5051. The new version of the vulnerability is not only a repeat of the old problem, but demonstrates how the exploit can be executed in new and more effective ways. The detailed report published by Qualys explores in depth the technical circumstances that allow this race condition to become a palpable threat. The criticality of regreSSHion highlights the importance of detailed testing and constant monitoring of security implementations, even for software with a historically robust reputation like OpenSSH.

Updates and mitigations for different distributions

Major Linux distributions responded quickly by providing updates that address this vulnerability. For example, Ubuntu users will see a message through the apt update system informing them of the fix for CVE-2024-6387 for versions 22.04 LTS, 23.10, and 24.04 LTS. Likewise, Red Hat has published a page dedicated to mitigating this flaw, while SUSE and Debian have provided similar resources for their users. It is essential that system administrators apply these updates immediately to protect their systems from potential exploits that could exploit this vulnerability.

Control tools and final considerations

To check which machines in your network could be vulnerable, you can use tools such as the CVE-2024-6387_Check Python script, which allows precise verification of the presence of the flaw. It is critical to ensure that all machines are up to date and compliant with released patches. Finally, a pinch of irony: in a data center still populated by machines with CentOS 7, which no longer receive official updates, the risks are amplified. It is therefore crucial to avoid using distributions that are no longer supported in production environments to avoid potential security disasters.

Follow us on WhatsApp for more pills like this

07/03/2024 20:45

Marco Verro

Last pills

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report

AT&T: data breach discovered that exposes communications of millions of usersDigital security compromised: learn how a recent AT&T data breach affected millions of users

New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediately

Discovery of an AiTM attack campaign on Microsoft 365A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromises