We do often include affiliate links to earn us some pennies. See more here.

If you're dealing with Linux servers, or you have an active OpenSSH Server on your desktop, you may want to look into regreSSHion.

Made public by Qualys today, who you might remember from the vulnerabilities in the GNU C Library they announced earlier this year. Their latest discovery is actually a regression, but quite a serious one. Tagged as CVE-2024-6387 it's "a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems".

Their research showed it's a regression of CVE-2006-5051, which was reported in 2006 but then introduced again as an issue going back to October 2020 (OpenSSH 8.5p1). Woops.

Here's what they said about:

This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities. This could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

This vulnerability is challenging to exploit due to its remote race condition nature, requiring multiple attempts for a successful attack. This can cause memory corruption and necessitate overcoming Address Space Layout Randomization (ASLR). Advancements in deep learning may significantly increase the exploitation rate, potentially providing attackers with a substantial advantage in leveraging such security flaws.

See all in their announcement.

Article taken from GamingOnLinux.com.
16 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
6 comments

I like the nickname for it. lol
birdip Jul 1
Note that you should restart your openssh daemon right after updating the package. Otherwise it is possible that you are locked out from your server!
See e.g. here: https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
View PC info
  • Supporter Plus
You may also as a temporary fix mitigate the issue by setting "LoginGraceTime 0" in your SSH configuration.
Taros Jul 2
Quoting: BlackBloodRumYou may also as a temporary fix mitigate the issue by setting "LoginGraceTime 0" in your SSH configuration.
"Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd
vulnerable to a denial of service (the exhaustion of all MaxStartups
connections), but it makes it safe from this vulnerability."
https://ubuntu.com/security/CVE-2024-6387
View PC info
  • Supporter Plus
Quoting: Taros
Quoting: BlackBloodRumYou may also as a temporary fix mitigate the issue by setting "LoginGraceTime 0" in your SSH configuration.
"Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd
vulnerable to a denial of service (the exhaustion of all MaxStartups
connections), but it makes it safe from this vulnerability."
https://ubuntu.com/security/CVE-2024-6387
Yup, but it's a temporary measure until you can properly patch things, after all. A DoS is better than remote code execution in my opinion.

Relevant info for RHEL folks:
https://access.redhat.com/security/cve/cve-2024-6387
F.Ultra Jul 3
View PC info
  • Supporter
Quoting: birdipNote that you should restart your openssh daemon right after updating the package. Otherwise it is possible that you are locked out from your server!
See e.g. here: https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/

Doesn't Arch do that automatically? DEB based distributions all restart the running demon when the package is installed/upgraded.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register


Or login with...
Sign in with Steam Sign in with Google
Social logins require cookies to stay logged in.