Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

regreSSHion (CVE-2024-6387): This OpenSSH vulnerability opens the door to hackers

byEray Eliaçık
July 1, 2024
in Cybersecurity
Home News Cybersecurity

CVE-2024-6387, also known as regreSSHion, is a critical security vulnerability in OpenSSH’s server component (sshd) on glibc-based Linux systems. This flaw allows for unauthenticated remote code execution (RCE) with root privileges, posing a significant risk to affected systems.

In this article, we will explain the OpenSSH vulnerability known as regreSSHion (CVE-2024-6387), detail the steps you need to take immediately, list the affected versions, and guide you on how to check if your system is vulnerable.

What is CVE-2024-6387 (regreSSHion)?

regreSSHion (CVE-2024-6387) is a vulnerability that enables attackers to execute arbitrary code on a target system without needing to authenticate. The name regreSSHion highlights the nature of the flaw as a regression bug in OpenSSH. This means that an attacker can gain full root access to the system, potentially leading to complete system compromise, data theft, and persistent unauthorized access.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

  • Type of Vulnerability: Signal handler race condition in OpenSSH’s server (sshd).
  • Affected Systems: glibc-based Linux systems.
  • Impact: Unauthenticated remote code execution with root privileges.
  • Default Configuration: The vulnerability affects OpenSSH’s default configuration and does not require user interaction.
Discover CVE-2024-6387 (regreSSHion), a critical OpenSSH vulnerability. Learn how to check your version, apply patches, and protect your system.
The OpenSSH vulnerability, known as regreSSHion (CVE-2024-6387), is a critical security flaw in OpenSSH’s server component (sshd) on glibc-based Linux systems

The Qualys Threat Research Unit (TRU) discovered that this vulnerability is a regression of an earlier flaw, CVE-2006-5051, which had been patched previously. The regression occurred due to changes or updates made in October 2020 with the release of OpenSSH version 8.5p1, inadvertently reintroducing the issue. This makes regreSSHion the first significant unauthenticated RCE vulnerability in OpenSSH in nearly two decades.

Exploitation

  • Mechanism: If a client does not authenticate within 120 seconds (as defined by the LoginGraceTime setting), sshd’s SIGALRM handler is called asynchronously in a manner that is not async-signal-safe.
  • Requirements: The attack requires continuous connections over a period of 6-8 hours to succeed under lab conditions, particularly on 32-bit Linux/glibc systems with address space layout randomization (ASLR).

Affected versions by OpenSSH vulnerability

  • Versions earlier than 4.4p1: Vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109.
  • Versions from 4.4p1 to 8.5p1: Not vulnerable due to a previous patch.
  • Versions from 8.5p1 to 9.7p1: Vulnerable due to the accidental removal of a critical security component.
Discover CVE-2024-6387 (regreSSHion), a critical OpenSSH vulnerability. Learn how to check your version, apply patches, and protect your system.
This OpenSSH vulnerability allows unauthenticated remote code execution (RCE) with root privileges, posing a severe

What do you need to do now?

To mitigate the risks associated with regreSSHion (CVE-2024-6387), users should:

  1. Apply the Latest Patches: Ensure that OpenSSH is updated to the latest version where the vulnerability is addressed.
  2. Limit SSH Access: Use network-based controls to restrict SSH access.
  3. Enforce Network Segmentation: Implement segmentation to limit unauthorized access and lateral movement within the network.

OpenSSH version check

How to check OpenSSH version? There are two main ways to check your OpenSSH version:

  • Using the ssh -V command: This is the simplest and most common way. The ssh command with a capital V flag will display the version information for the OpenSSH client installed on your system. This works on Linux, macOS, and even Windows with OpenSSH installed.
  • Checking the remote server version (if applicable): If you want to know the version of the OpenSSH server running on a remote machine, you can use the ssh command with the -v flag (lowercase v) to connect in verbose mode. This will display various connection details, including the version of the remote OpenSSH server.

CVE-2024-6387 (regreSSHion) represents a significant threat due to its ability to grant unauthenticated remote code execution with root privileges. The reappearance of such a vulnerability underscores the importance of rigorous regression testing and prompt application of security patches. By taking proactive measures, organizations can protect their systems from the severe implications of this vulnerability.


All images are generated by Eray Eliaçık/Bing

Tags: vulnerability

Related Posts

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

September 26, 2025
Co-op Group reports £75m loss after April cyber-attack

Co-op Group reports £75m loss after April cyber-attack

September 25, 2025
Taiwan industrial production up 14.4% in August thanks to AI chips

Taiwan industrial production up 14.4% in August thanks to AI chips

September 25, 2025
LastPass: GitHub hosts atomic stealer malware campaign

LastPass: GitHub hosts atomic stealer malware campaign

September 25, 2025
Sentinelone finds malterminal malware using OpenAI GPT-4

Sentinelone finds malterminal malware using OpenAI GPT-4

September 23, 2025
FBI warns of fake IC3 websites stealing data

FBI warns of fake IC3 websites stealing data

September 23, 2025

LATEST NEWS

Asus ROG Ally, Ally X preorders open; ships October 16

OpenAI: GDPval framework tests AI on real-world jobs

Hugging Face: AI video energy use scales non-linearly

Apple Wallet digital ID expands to North Dakota

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

BetterPic: The industry-leading AI headshot generator

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.