Critical find by Qualys. There is already a PoC on GitHub, and detection is not going to be fun. 😬 Affected OpenSSH versions:
- OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
- Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable, because the patch for CVE-2006-5051 made a previously unsafe function secure.
- The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1, because a critical component of that function was accidentally removed.
- OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
More original research by Qualys Threat Research Unit (TRU), discovering an unauthenticated, remotely exploitable vulnerability in OpenSSH. We already see millions of instances of the affected versions that are internet facing. Please patch/mitigate ASAP before attackers develop an exploit. 🔑 🛡️ Key characteristics of regreSSHion CVE-2024-6387:
- Remotely exploitable
- No authentication needed
- Allows arbitrary code execution
- Grants full root privileges
- Requires no user interaction
- Affects the default configuration
#qualys #vulnerabilitymanagement https://lnkd.in/gZiEnE4Y
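Added example (not from the post, Qualys, or the OpenSSH project): a triage helper that maps sshd banner strings, as an inventory or scanner would record them, onto the version ranges listed above so a defender can find which hosts need patching. It assumes that a banner without a "pN" suffix is OpenBSD's native sshd; the banners are constructed sample data.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Banner form: "SSH-2.0-OpenSSH_<major>.<minor>[p<patch>] <comment>".
# The "pN" suffix marks the portable release that Linux/BSD distros ship.
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Sample banners, constructed for this example (not real scan data).
SAMPLE_BANNERS: List[str] = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-OpenSSH_9.7",
    "SSH-2.0-dropbear_2022.83",
]

def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (major, minor, portable_patch) or None if not an OpenSSH banner."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)

def classify_banner(banner: str) -> str:
    """Map a banner onto the CVE-2024-6387 version ranges given in the post."""
    parsed = parse_openssh_version(banner)
    if parsed is None:
        return "not-openssh"
    major, minor, patch = parsed
    # Assumption: no "pN" suffix means OpenBSD's native sshd, which the post
    # says is unaffected; portable builds always carry the suffix.
    if patch is None:
        return "unaffected-openbsd"
    version = (major, minor, patch)
    if version < (4, 4, 1):
        return "vulnerable-unless-backported"  # needs CVE-2006-5051/CVE-2008-4109 fixes
    if version < (8, 5, 1):
        return "not-vulnerable"
    if version < (9, 8, 1):
        return "vulnerable"
    return "patched"

def triage(banners: List[str]) -> Dict[str, int]:
    """Count hosts per category. Distros backport fixes without bumping the
    banner version, so 'vulnerable' is a lead to verify against the package
    changelog, not proof of exploitability."""
    return dict(Counter(classify_banner(b) for b in banners))
```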