Critical OpenSSH Vulnerability (regreSSHion) Gives Root Access
An unauthenticated remote code execution vulnerability (CVE-2024-6387) was discovered in OpenSSH, a widely used tool for secure remote access. Dubbed “regreSSHion”, this race condition vulnerability allows attackers to take complete control in glibc-based Linux systems. Let’s break down what this means and how to protect yourself.
What is the regreSSHion Vulnerability?
Qualys researchers identified a critical vulnerability in OpenSSH that lets attackers gain unauthorized root access on a system. This gives them complete control, allowing them to steal data, install malware, or even launch attacks on other vulnerable systems.
The name “regreSSHion” combines the words “regression” and “SSH” to highlight the vulnerability’s key aspects. It is a regression bug: a flaw fixed in 2006 (CVE-2006-5051) reappeared in newer OpenSSH versions. It is also the first unauthenticated RCE bug of its kind in OpenSSH in nearly two decades. It works in the default configuration without any user interaction, making it highly exploitable.
How Severe Is This Vulnerability?
While the vulnerability itself is serious, successfully exploiting it may require multiple attempts. However, attackers may use automated tools to overcome these hurdles. Patching your system is crucial to prevent such attempts.
Affected Versions
Not all OpenSSH versions are vulnerable:
- Versions before 4.4p1: These are vulnerable unless they carry the patches for CVE-2006-5051 and CVE-2008-4109.
- Versions 4.4p1 up to, but not including, 8.5p1: These are safe because the earlier fix (CVE-2006-5051) is present.
- Versions 8.5p1 up to, but not including, 9.8p1: These are vulnerable because a change in 8.5p1 accidentally removed that earlier fix, reintroducing the issue.
Mitigating The regreSSHion Vulnerability
Here’s what you can do to protect yourself:
- Update OpenSSH: The most effective solution is to update your OpenSSH server to 9.8p1 or later.
- Restrict SSH access: Limit access to your SSH server using firewalls and network segmentation. This makes it harder for attackers to reach and exploit the server.
- Temporary mitigation (use with caution): If you cannot update immediately, you can temporarily set ‘LoginGraceTime’ to 0 in the SSH server configuration. However, because connections that never complete authentication are then no longer timed out, this can leave your systems open to denial-of-service attacks.
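As an added example (not code from the article or from Qualys), the following Python applies the version ranges above to a server banner and parses an sshd_config to see whether the LoginGraceTime 0 stop-gap is in effect; the banners and config text are constructed, and the labels returned and the exclusion of non-portable OpenBSD builds are my own assumptions.

```python
"""Added example (not from the article or Qualys): classify an OpenSSH version
banner against the regreSSHion ranges listed above, and check whether an
sshd_config applies the LoginGraceTime 0 stop-gap. Sample inputs are constructed."""
import re

# Version boundaries quoted in the article, as (major, minor, portable p-level).
FIXED_2006 = (4, 4, 1)   # CVE-2006-5051 fixed from 4.4p1 onward
REGRESSED = (8, 5, 1)    # that fix accidentally removed in 8.5p1
FIXED_2024 = (9, 8, 1)   # CVE-2024-6387 fixed in 9.8p1
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p(\d+))?")

def parse_openssh_version(banner):
    """Return (major, minor, p_level) from e.g. 'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2'.
    p_level is None for a non-portable (OpenBSD) build; None overall if no OpenSSH tag."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, p_level = m.groups()
    return (int(major), int(minor), int(p_level) if p_level else None)

def classify(banner):
    """Map a banner onto the article's ranges. This is version-only: distributions
    often backport the fix without changing the version, so treat 'vulnerable' as
    'check the vendor advisory', not as a confirmed finding."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"
    if v[2] is None:
        return "not_portable"               # article's ranges cover portable builds on glibc Linux
    if v < FIXED_2006:
        return "vulnerable_unless_patched"  # needs CVE-2006-5051 / CVE-2008-4109 backports
    if v < REGRESSED or v >= FIXED_2024:
        return "not_vulnerable"
    return "vulnerable"                     # 8.5p1 <= version < 9.8p1

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def login_grace_time_seconds(sshd_config):
    """Effective LoginGraceTime in seconds from sshd_config text, following sshd's
    rules: keywords are case-insensitive, '#' starts a comment, keyword and value
    may be separated by whitespace or '=', times accept s/m/h/d/w suffixes
    (e.g. '1h30m'), and the first occurrence of a keyword wins. Default is 120."""
    for line in sshd_config.splitlines():
        parts = re.split(r"[\s=]+", line.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return sum(int(n) * _UNITS[u]
                       for n, u in re.findall(r"(\d+)([smhdw]?)", parts[1].lower()))
    return 120
```

A result of 0 from login_grace_time_seconds means the stop-gap is active and the denial-of-service trade-off described above applies.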
Conclusion
By updating to 9.8p1 or later, you can significantly reduce the risk of being compromised by the regreSSHion vulnerability. Remember, staying up-to-date with security patches is essential for maintaining a secure system.
TuxCare’s AlmaLinux team released updated OpenSSH packages to address this vulnerability within hours of disclosure. TuxCare offers Enterprise Support for AlmaLinux, which includes a 16-year support lifecycle, extended security updates with continuous FIPS compliance, enhanced support, and more.
The sources for this article include a story from Qualys.