Fortra is actively researching a new vulnerability in OpenSSH dubbed “regreSSHion”. This remote code execution vulnerability – CVE-2024-6387 – could allow an unauthenticated remote attacker to execute arbitrary code as root. Fortra recommends updating sshd as soon as possible to mitigate this threat.
Who is affected?
Customers using the following versions of OpenSSH may be affected:
- Versions of OpenSSH up to 4.4p1, unless patched for CVE-2006-5051 and CVE-2008-4109
- Versions of OpenSSH from 8.5p1 before 9.8p1
Note: OpenBSD systems are not affected.
What can I do?
It is recommended to update to sshd version 9.8p1.
If immediate updating is not possible, administrators can set the login grace time to zero (LoginGraceTime 0 in sshd_config) as a temporary mitigation. However, because connections that never authenticate are then never timed out, this configuration can make the SSH server more susceptible to denial-of-service attacks.
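As an added example (not Fortra's or Alert Logic's code), the following POSIX shell triage helper encodes the affected version ranges listed above and checks the effective sshd configuration for the LoginGraceTime workaround. The version banner and sshd -T output are constructed samples; the pre-4.4p1 branch only flags that the CVE-2006-5051/CVE-2008-4109 patch status must be checked, and because distributions backport fixes, an "affected" result means "consult the vendor advisory", not a confirmed vulnerability.

```shell
#!/bin/sh
# Added triage helper (not Fortra/Alert Logic code): maps an OpenSSH version
# string onto the affected ranges listed above and checks whether the
# LoginGraceTime mitigation is active in the running sshd configuration.
# Distributions backport fixes, so "affected" means "check the vendor advisory",
# not a confirmed vulnerability.

# Classify a version banner such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13.4, ...".
# Prints: affected | not-affected | check-legacy-patches | unknown
regresshion_status() {
    case "$1" in OpenSSH_[0-9]*) ;; *) echo unknown; return 1 ;; esac
    ver=${1#OpenSSH_}
    ver=${ver%%[!0-9.p]*}        # keep only the "9.6p1" part
    maj=${ver%%.*}
    rest=${ver#*.}               # "6p1", or "7" on native OpenBSD builds
    case "$rest" in
        *p*) min=${rest%%p*}; pat=${rest#*p} ;;
        *)   echo not-affected; return 0 ;;   # no pN suffix: OpenBSD sshd, not affected
    esac
    num=$(( maj * 10000 + min * 100 + pat ))   # 9.6p1 -> 90601
    if [ "$num" -ge 80501 ] && [ "$num" -lt 90801 ]; then
        echo affected                # 8.5p1 <= version < 9.8p1
    elif [ "$num" -lt 40401 ]; then
        echo check-legacy-patches    # vulnerable unless CVE-2006-5051/CVE-2008-4109 fixes are present
    else
        echo not-affected
    fi
}

# Given the output of "sshd -T" (effective config, lowercase keywords),
# report whether the LoginGraceTime 0 workaround is in place.
grace_mitigation() {
    gt=$(printf '%s\n' "$1" | awk '$1 == "logingracetime" { print $2 }')
    case "$gt" in
        0)  echo mitigated ;;
        "") echo unknown ;;
        *)  echo unmitigated ;;
    esac
}

# Constructed sample inputs; on a live host use "$(ssh -V 2>&1)" (client and
# server normally come from the same package) and "$(sshd -T)" run as root.
SAMPLE_VERSION='OpenSSH_9.6p1 Ubuntu-3ubuntu13.4, OpenSSL 3.0.13 30 Jan 2024'
SAMPLE_SSHD_T='port 22
logingracetime 120
maxstartups 10:30:100'

echo "version status: $(regresshion_status "$SAMPLE_VERSION")"
echo "grace-time mitigation: $(grace_mitigation "$SAMPLE_SSHD_T")"
```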
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Vulnerability Scanning: Alert Logic released agent-based scan coverage on July 3, 2024, authenticated scan detection on July 4, and unauthenticated scan detection on July 8. If the vulnerability is found, an exposure (EID: 271298) will be raised for CVE-2024-6387.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed in to the Support Center using your Alert Logic product credentials to follow this article.
07/03/2024: Alert Logic released agent-based scan coverage.
07/04/2024: Alert Logic released authenticated scan coverage.
07/08/2024: Alert Logic released unauthenticated scan coverage.