Critical "RegreSSHion" discovered

Honey wake up, the new SSH vulnerability just dropped.

A new high-severity vulnerability in OpenSSH, dubbed "regreSSHion" (CVE-2024-6387), has been discovered couple days ago. This flaw affects OpenSSH servers on glibc-based Linux systems and could allow unauthenticated remote code execution with root privileges.

What you need to know:

• The vulnerability impacts OpenSSH versions 8.5p1 to 9.7p1, as well as versions earlier than 4.4p1 (if not patched for older CVEs).
• Over 14 million potentially vulnerable instances are exposed to the internet.
• While there's no known exploitation in the wild yet, a working exploit has been developed by researchers. The complexity of the exploit might delay widespread attacks, but it's important to act quickly.

Action items:

1. Update all OpenSSH instances to version 9.8p1 or later ASAP.
2. If immediate patching isn't possible, set LoginGraceTime to 0 in the sshd config file as a temporary mitigation.
3. Reduce the number of internet-facing sshd servers where possible to be less prone to Zero-day issues like this one.

If you want to know more you can check out the deep dive by Qualys Threat Research Unit, who discovered and reported the issue. Stay secure!

In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue.