RegreSSHion OpenSSH vulnerability
Security researchers have identified a critical vulnerability in OpenSSH, dubbed "RegreSSHion," which allows attackers to gain root access. This exploit, stemming from a bug first discovered in 2006, requires patience as it takes several hours to execute successfully.
The term "regression" refers to a previously fixed bug that reappears after later changes to the source code. The RegreSSHion bug, CVE-2024-6387, is a race condition triggered when an unauthenticated SSH connection is timed out: if a client does not finish authenticating within 120 seconds, the server's SIGALRM handler runs to log the event, and because that handler calls logging functions that are not safe to run from inside a signal handler, an attacker who wins the race can get the server to execute injected code.
The following OpenSSH versions are vulnerable:
- Versions before 4.4p1 (unless patched for CVE-2006-5051 or CVE-2008-4109)
- Versions 8.5p1 to 9.8 (first fixed in version 9.8p1)
We have written a separate article on how to update sshd on Debian, Ubuntu and Red Hat Linux.
Exploiting this vulnerability requires bypassing various security mechanisms and significant patience. The exploit works roughly one in ten thousand attempts, primarily on 32-bit systems. With 100 parallel connections, the attack can succeed in six to eight hours, but default settings usually allow only ten connections, extending the attack duration.
Researchers successfully exploited the bug in OpenSSH 9.2p1 under Debian GNU/Linux. Currently, only glibc-based systems are vulnerable, with OpenBSD being immune.
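The version ranges listed above and the two timing parameters the attack depends on (the 120-second authentication timeout and the default cap of ten unauthenticated connections, which are sshd's `LoginGraceTime` and `MaxStartups` settings) can be checked from a host inventory. The script below is an added example, not code from the original article or from the OpenSSH project: it parses OpenSSH banner strings of the kind `ssh -V` and the sshd protocol greeting print, flags any whose upstream version falls inside the ranges named in the advisory, and reads the two settings out of an `sshd_config` text. All banners and the config fragment are constructed samples; the function names are this example's own.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

# Constructed sample banners; the format is what `ssh -V` and an sshd
# greeting print, but none of these come from a real host.
SAMPLE_BANNERS = [
    "OpenSSH_9.2p1 Debian-2+deb12u2",   # inside the 8.5p1 .. 9.8 range
    "OpenSSH_9.8p1",                     # first fixed release
    "OpenSSH_8.4p1 Debian-5+deb11u3",   # below 8.5p1, outside the regressed range
    "OpenSSH_4.3p2",                     # before 4.4p1, affected unless backport-patched
]

# Constructed sshd_config fragment: no LoginGraceTime line, so the 120 s
# default applies; MaxStartups is the stock 10:30:100.
SAMPLE_SSHD_CONFIG = """
# constructed sample sshd_config
Port 22
maxstartups 10:30:100
Match User deploy
    PasswordAuthentication no
"""

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable-patch) from an OpenSSH banner, or None if it is not OpenSSH."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, p = m.groups()
    return int(major), int(minor), int(p or 0)


def is_in_regresshion_range(banner: str) -> Optional[bool]:
    """True if the upstream version is in an affected range from the advisory:
    anything before 4.4p1, or 8.5p1 up to (but not including) 9.8p1.
    Distribution backports are NOT detected here; confirm with the distro's
    security tracker before treating a 'True' as confirmed vulnerable."""
    v = parse_openssh_version(banner)
    if v is None:
        return None
    return v < (4, 4, 1) or (8, 5, 1) <= v < (9, 8, 1)


def _parse_seconds(value: str) -> int:
    """sshd accepts bare seconds or a suffix (s, m, h, d, w) for time values."""
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
    if value[-1].lower() in units:
        return int(value[:-1]) * units[value[-1].lower()]
    return int(value)


def grace_settings(config_text: str) -> Tuple[int, int]:
    """Return (LoginGraceTime in seconds, MaxStartups 'start' value) from an
    sshd_config text. sshd uses the first occurrence of a keyword; lines after
    the first 'Match' block are conditional and are ignored here."""
    grace: Optional[int] = None
    max_startups: Optional[int] = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) < 2:
            continue
        if key == "logingracetime" and grace is None:
            grace = _parse_seconds(parts[1].strip())
        elif key == "maxstartups" and max_startups is None:
            max_startups = int(parts[1].strip().split(":")[0])
    return (120 if grace is None else grace, 10 if max_startups is None else max_startups)


def audit_banners(banners) -> Dict[str, Optional[bool]]:
    """Map each banner to True (affected range), False (outside it) or None (not OpenSSH)."""
    return {b: is_in_regresshion_range(b) for b in banners}


def local_openssh_banner() -> Optional[str]:
    """Banner of the locally installed client; `ssh -V` prints it to stderr."""
    try:
        out = subprocess.run(["ssh", "-V"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return (out.stderr or out.stdout).strip() or None


if __name__ == "__main__":
    for banner, hit in audit_banners(SAMPLE_BANNERS).items():
        print(f"{'AFFECTED RANGE' if hit else 'outside range'}: {banner}")
    print("LoginGraceTime, MaxStartups:", grace_settings(SAMPLE_SSHD_CONFIG))
    local = local_openssh_banner()
    if local:
        print("local client:", local, is_in_regresshion_range(local))
```

A "True" from this check means only that the upstream version string falls in a listed range. Debian and Ubuntu ship fixes as backports that keep the upstream number (the `Debian-2+deb12u2` suffix is where the distro revision lives), so the result should be reconciled against the distribution's security advisories rather than acted on alone.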
Admins should ensure their Linux systems have the latest OpenSSH versions. Both Debian and Ubuntu have released updated packages.
Red Hat is still investigating, with initial analyses showing only Red Hat Enterprise Linux 9 is affected.
The RegreSSHion vulnerability highlights the importance of keeping software up to date. Ensure your systems are protected by updating to OpenSSH 9.8p1 or later.
For more details, refer to the Qualys Security Advisory.