Avoid the Hack! :donor:<p><a href="https://infosec.exchange/tags/regreSSHion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regreSSHion</span></a>: Remote Unauthenticated Code Execution <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> in OpenSSH server</p><p>This one is for my sysadmins out there... or really, anyone who runs/manages a server with sshd facing the internet.</p><p>"The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration."</p><p>Long story short: successful exploitation could lead to full system compromise.</p><p>This affects OpenSSH versions older than 4.4p1 and versions _between_ 8.5p1 and 9.8p1.</p><p>Note that some <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> distros (current versions of RHEL 7 and RHEL 8) are unaffected. Most distros have updates available. Update ASAP.</p><p>If updating is not possible, you can set set LoginGraceTime in /etc/ssh/sshd_config to 0. This comes with the risk of making the sshd server vulnerable to denial of service.</p><p><a href="https://infosec.exchange/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openssh</span></a> <a href="https://infosec.exchange/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssh</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p><p>regreSSHion is tracked as CVE-2024-6387.</p><p><a href="https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server#automatically-patch-regresshion-vulnerability-with-qualys-patch-management" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.qualys.com/vulnerabilitie</span><span class="invisible">s-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server#automatically-patch-regresshion-vulnerability-with-qualys-patch-management</span></a></p>