CVE-2024-6387, a vulnerability in OpenSSH's server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems. This flaw stems from a signal handler race condition, which occurs when a client does not authenticate within the time specified by LoginGraceTime. The server's SIGALRM handler is then called asynchronously, leading to heap corruption and, ultimately, arbitrary code execution. This enables attackers to gain complete system control without needing any login credentials.
CVE-2024-6387, also known as "RegreSSHion," is a critical vulnerability affecting OpenSSH servers (sshd) on glibc-based Linux systems. This vulnerability allows unauthenticated remote code execution (RCE) with root privileges, potentially leading to full system compromise, installation of malware, data manipulation, and creation of backdoors for persistent access. The flaw stems from a race condition in the signal handler, which can be exploited by attackers to gain control of vulnerable servers.
The reintroduction of CVE-2006-5051 in 2020 was caused by a code regression in OpenSSH. This regression led to the reappearance of the vulnerability that was initially fixed in 2006. The vulnerability resurfaced in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
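The version range above can be turned into a triage check over collected SSH banners or `ssh -V` output. The following is an added example, not code from OpenSSH or from this page; the function names, hostnames and banner strings are constructed for illustration.

```python
import re

# Affected range as stated on this page: 8.5p1 up to, but not including, 9.8p1.
# The "pN" suffix is not used for comparison, so strings with and without it
# classify the same way.
FIRST_AFFECTED = (8, 5, 0)   # (major, minor, patch)
FIRST_FIXED = (9, 8, 0)

VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?")


def parse_openssh_version(text):
    """Return (major, minor, patch), or None if no OpenSSH version is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(text):
    """Classify a banner or `ssh -V` line against the affected range."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"        # not OpenSSH, or the banner is unparseable
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        # Triage signal only: vendors backport fixes without changing the
        # upstream version string, so confirm against the package changelog.
        return "in-range"
    return "out-of-range"


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = {
    "web01": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    "db01": "SSH-2.0-OpenSSH_9.8p1",
    "legacy01": "SSH-2.0-OpenSSH_7.4",
    "build01": "OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w",
    "edge01": "SSH-2.0-dropbear_2022.83",
}


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

An "in-range" result means the host needs a package-level check, not that it is confirmed vulnerable.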