New OpenSSH Vulnerability “regreSSHion” Enables Root Privileges on Linux Systems

Jul 2, 2024 | News


A recently discovered vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387), has been identified by Qualys researchers. This critical flaw allows unauthenticated remote attackers to execute arbitrary code with root privileges on glibc-based Linux systems.

What is OpenSSH?

OpenSSH is a widely used suite of networking utilities based on the Secure Shell (SSH) protocol. It provides secure remote login, remote server management, administration, and file transfers via SCP and SFTP.

Details of the regreSSHion Vulnerability

  • Identifier: CVE-2024-6387
  • Discovered by: Qualys in May 2024
  • Severity: Critical
  • Affected Systems: OpenSSH versions 8.5p1 to 9.7p1 on glibc-based Linux systems

Description

The vulnerability arises from a signal handler race condition in sshd. If a client does not authenticate within the LoginGraceTime (default 120 seconds), sshd’s SIGALRM handler is invoked asynchronously. This handler calls various functions that are not async-signal-safe, which can lead to memory corruption and, from there, to arbitrary code execution.


Potential Impact

Exploitation of this vulnerability can lead to severe consequences, including:

  • Full system takeover
  • Installation of malware
  • Data manipulation
  • Creation of backdoors for persistent access
  • Facilitation of network propagation

Exploitability

While Qualys indicates that the regreSSHion vulnerability is difficult to exploit and requires multiple attempts to achieve the necessary memory corruption, the use of AI tools may increase the success rate of exploitation.

Mitigation and Recommendations

To address or mitigate the regreSSHion vulnerability, the following steps are recommended:

  1. Update OpenSSH: Apply the latest update (version 9.8p1), which addresses this vulnerability.
  2. Restrict SSH Access: Use network-based controls such as firewalls and network segmentation to restrict SSH access and prevent lateral movement.
  3. Temporary Mitigation: If updating immediately is not possible, set LoginGraceTime to 0 in the sshd configuration file to minimize exposure. Note that this disables the authentication timeout altogether, so unauthenticated connections are never dropped and can exhaust sshd’s connection slots, which makes the server susceptible to denial-of-service attacks.



Non-Impacted Systems

  • OpenBSD: Not affected due to a secure mechanism introduced in 2001.
  • Older Versions of OpenSSH: Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable thanks to the patch for CVE-2006-5051.
  • Other Operating Systems: The exploitability of regreSSHion on macOS and Windows has not been confirmed and requires separate analysis.
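To apply the version ranges above and check the LoginGraceTime mitigation across a fleet, here is an added Python example (not from the article or from OpenSSH itself): it classifies an OpenSSH version banner against the 8.5p1 to 9.7p1 range and reads the effective LoginGraceTime from sshd_config or `sshd -T` output. The function names are my own, and a distribution that backports the fix without bumping the version will still be reported as "affected", so the result is a prompt to check the vendor advisory rather than a verdict.

```python
import re

# Version bounds stated in the advisory (portable OpenSSH, inclusive).
AFFECTED_MIN, AFFECTED_MAX, FIXED_SINCE = (8, 5), (9, 7), (9, 8)

_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(p\d+)?")

def parse_openssh_version(banner):
    """Return (major, minor, portable) from 'ssh -V' output or an SSH-2.0
    banner; portable is False for a non-portable (native OpenBSD) build.
    Returns None if no OpenSSH version string is present."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), m.group(3) is not None)

def version_status(banner):
    """Classify by upstream version number only. Distributions often backport
    the fix without changing the version, so 'affected' means 'check the
    vendor advisory', not 'confirmed vulnerable'."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"
    major, minor, portable = v
    if not portable:
        return "not-portable"        # native OpenBSD sshd is not affected
    if AFFECTED_MIN <= (major, minor) <= AFFECTED_MAX:
        return "affected"
    if (major, minor) >= FIXED_SINCE:
        return "fixed"
    return "pre-regression"          # still carries the CVE-2006-5051 fix

def login_grace_time(sshd_config_text):
    """Effective LoginGraceTime in seconds (default 120; 0 disables the
    timeout). sshd keeps the first occurrence of a keyword, so scanning stops
    at the first uncommented match. Handles bare seconds or a single s/m/h
    suffix, which is what 'sshd -T' prints and most configs use."""
    for line in sshd_config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)logingracetime\s+(\d+)([smh]?)$", line)
        if m:
            value, unit = int(m.group(1)), m.group(2).lower()
            return value * {"": 1, "s": 1, "m": 60, "h": 3600}[unit]
    return 120

def assess(banner, sshd_config_text):
    """Combine both checks into one record for an inventory script."""
    status = version_status(banner)
    grace = login_grace_time(sshd_config_text)
    return {"version": status, "login_grace_time": grace,
            "mitigated_by_config": status == "affected" and grace == 0}
```

Feed it the output of `ssh -V` (or the server's SSH-2.0 banner) together with `sshd -T`; the latter prints effective values in lowercase, which the parser accepts.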

Current Exposure

Scans from Shodan and Censys reveal over 14 million internet-exposed OpenSSH servers. However, Qualys confirmed a vulnerable status for approximately 700,000 instances based on their CSAM 3.0 data.


Source: bleepingcomputer.com
