OpenSSH Remote Code Execution (RegreSSHion) Vulnerability (CVE-2024-6387)

A remote code execution vulnerability in the OpenSSH server (sshd), tracked as CVE-2024-6387 and dubbed regreSSHion, was identified recently. The vulnerability is known to be exploitable in the default configuration of OpenSSH in specific version ranges running on 32-bit glibc-based Linux systems, and allows an unauthenticated attacker to execute arbitrary code on the affected systems with root privileges.

 

Vulnerability

  • OpenSSH Remote Code Execution (RegreSSHion) Vulnerability (CVE-2024-6387)

 

Severity Level

  • High

 

Affected Products

  • OpenSSH versions earlier than 4.4p1, unless they are patched for CVE-2006-5051 and CVE-2008-4109
  • OpenSSH versions 8.5p1 up to but not including 9.8p1
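
The version ranges above can be checked against a host inventory. The following is an added example, not part of the original advisory: the function names, verdict labels and sample inventory are constructed for illustration. It only compares upstream version strings, so a distribution package carrying a backported fix under an unchanged version string will still be flagged and needs package-level confirmation.

```python
import re

# Boundaries taken from the "Affected Products" list. Each boundary is the
# first portable release (p1) of its version, so comparing (major, minor)
# is enough to place a version on either side of it.
PRE_FIX_BOUNDARY = (4, 4)   # earlier than 4.4p1
RANGE_START = (8, 5)        # 8.5p1, inclusive
RANGE_END = (9, 8)          # 9.8p1, exclusive

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor) from an SSH banner or version line, else None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Place one version string against the advisory's affected ranges."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # not OpenSSH, or the version is hidden
    if version < PRE_FIX_BOUNDARY:
        # Affected unless patched for CVE-2006-5051 and CVE-2008-4109.
        return "affected-unless-patched"
    if RANGE_START <= version < RANGE_END:
        return "affected-range"
    return "outside-affected-ranges"


def triage(inventory):
    """Map host label -> verdict for (host, version string) pairs."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("legacy-01", "OpenSSH_4.3p2"),
    ("app-01", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"),
    ("app-02", "OpenSSH_7.4p1"),
    ("edge-01", "OpenSSH_9.8p1"),
    ("iot-01", "SSH-2.0-dropbear_2022.83"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```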

 

Remediation

  • Update to the latest patch of OpenSSH immediately.
  • Restrict access to SSH using access controls.

 


Published on: 03 Jul 2024