Critical OpenSSH Vulnerability Affects Linux Systems

The vulnerability allows unauthenticated remote code execution.

Researchers at the Qualys Threat Research Unit (TRU) have found a critical security flaw in OpenSSH's server on glibc-based Linux systems.

The “regreSSHion” vulnerability (CVE-2024-6387) is “a signal handler race condition in OpenSSH’s server (sshd),” which allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems, says Bharat Jogi in a Qualys TRU blog post. “This race condition affects sshd in its default configuration.”

OpenSSH is “a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which is vital for secure communication over unsecured networks,” Jogi explains. “OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.”

Read more at Qualys.

07/08/2024
